A new proof-of-concept software that can eavesdrop on VoIP-based phone calls has been released by UK-based VoIP expert, Peter Cox.
Called SIPtap, Cox was inspired to write the software after a chat with PGP-encryption guru Phil Zimmermann, who also created the Zfone. The Zfone is a new secure VoIP phone software product that lets you make encrypted phone calls over the Internet.
… the software snuffles around several VoIP call streams, earwigs in on them and records them as .wav files for later distribution. All it takes is one Trojan installed in the company’s network and it is good night Vienna for your VoIP network.
Not only that, Cox claims that this hack will work at the ISP level too.
This reminds me of the days of network hubs, when e-mails were easily intercepted. At the moment, the only way around SIPtap is to make sure that your VoIP traffic is properly encrypted.