SIPtap software can eavesdrop on VoIP calls

Jan Harris

November 23, 2007

UK VoIP expert, Peter Cox, has released a proof-of-concept program demonstrating the vulnerability of VoIP-based calls to eavesdropping, placing confidential information at risk.

The software, called SIPtap, can monitor multiple VoIP calls and record them as .wav files, for remote inspection.

A hacker would be able to infect a single PC on a network with a Trojan incorporating the programme. The hack would also work at ISP level.

SIPtap can catalogue the tapped VoIP calls by caller, via SIP identity information. The calls can also be indexed by recipient and date.

Peter Cox, who wrote the software himself, was the co-founder of firewall vendor BorderWare, and is now establishing his own VoIP consultancy.

The inspiration for the software came from a conversation with encryption expert, Phil Zimmermann, the creator of Zfone, which protects against VoIP call tapping by using call encryption.






 

Comments in chronological order (1 comment)

  1. Now that VOIP is becoming a major importance in online communication, We need to have more secure methods of placing calls.

Post a comment

Your email address will not be published. Required fields are marked *

Visited 3851 times, 1 so far today