UK VoIP expert, Peter Cox, has released a proof-of-concept program demonstrating the vulnerability of VoIP-based calls to eavesdropping, placing confidential information at risk.
The software, called SIPtap, can monitor multiple VoIP calls and record them as .wav files, for remote inspection.
A hacker would be able to infect a single PC on a network with a Trojan incorporating the programme. The hack would also work at ISP level.
SIPtap can catalogue the tapped VoIP calls by caller, via SIP identity information. The calls can also be indexed by recipient and date.
Peter Cox, who wrote the software himself, was the co-founder of firewall vendor BorderWare, and is now establishing his own VoIP consultancy.
The inspiration for the software came from a conversation with encryption expert, Phil Zimmermann, the creator of Zfone, which protects against VoIP call tapping by using call encryption.