A British VoIP expert called Peter Cox proved recently that hacking a voice-over-IP system is not such a difficult task as others previously thought it to be.
Cox created a proof-of-concept software tool that demonstrated how easy it would be for Internet criminals to listen and even to record any company’s VoIP-based calls.
SIPtap, as the expert called his program, is able to monitor more than one VoIP call streams at the same time. It allows its users to listen as well as record the calls that they are interested in as .wav files. Although the hack can work at the Internet service provider’s level, hackers can also infect one single PC of the company’s network with a Trojan to become able of using the tool. SIPtap is capable of indexing “IP-tapped” calls by caller by using SIP identity information, as well as by recipient and by date.
Peter Cox tested his program between August and November 21 and his findings showed that “spying” on any company’s voice-over-IP calls is not longer an impossible or difficult job.
“We are in the early days of VoIP, but there is a knowledge gap,” Peter Cox said, adding that “The threat is that an attacker engineers a Trojan and has it sit there passively [on a network], recording calls from anywhere on the Internet.”
Thanks to Cox, companies have found out the risks they are exposing themselves to by using VoIP technology and hopefully sometime in the future the programmers and developers will be able to fill in the “knowledge gap.”