VoIP wide open to wiretaps
p2pnet news | Security:- VoIP phone calls – all of them – are dangerously vulnerable to wire-tapping, says a security company.
Telephone calls on standard phone network (PSTN) can be monitored and access to telephone company networks is tightly controlled, “making unauthorized wiretapping virtually impossible,” says VoIPCode on its site devoted to its proof-of-concept SIPtap application.
In most countries even law enforcement authorities must be legally authorised to tap phones but, “Voice over IP (VoIP) changes all this,” says VoIPCode.
Calls run over an IP networks which, “are much more open than the PSTN,” meaning VoIP calls can be intercepted and monitored much more easily standard calls.
The real threat will be intercepts by organised crime, hackers, “and anyone else who wants to listen to your VoIP phone calls,” says the company, going on:
All they have to do is to monitor the IP network at some point between the caller and call recipient.
The monitoring point can be the corporate network, an unscrupulous ISP or a local PC infected with spyware. The recordings of monitored calls can be organised, indexed and remotely browsed from anywhere in the world.
VoIPCode’s SIPtap proof-of-concept program show how easy it would be for criminals to eavesdrop on the VoIP-based phone calls of any company using the technology, says a post on hackinthebox.org, explaining:
Called SIPtap, the software is able to monitor multiple Voice-over-IP (VoIP) call streams, listening in and recording them for remote inspection as .wav files. All that the criminal would need would be to infect a single PC inside the network with a Trojan incorporating these functions, although the hack would work at ISP level as well.
The program can index ‘IP-tapped’ calls by caller – using SIP identity information – and by recipient, and even by date. Running from August this year until the most recent tap on November 21st, SIPtap had no problems in extracting enough information on the test network to prove that call recording of any and every VoIP call at a hypothetical company was now a trivial exercise.
Stay tuned.
Also See:
hackinthebox.org – SIPTap tool allows eavesdropping on VoIP calls, November 23, 2007
Use free p2pnet newsfeeds for your site. It’s really easy!
Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php
Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for the download, and here for details. Click here or here to learn how to by-pass censorship in your area.
November 23rd, 2007 at 6:15 pm
Why is VoIP unencrypted, anyway?
*Anything* that passes over IP will be intercepted, eventually; only strong encryption will fix this.
November 24th, 2007 at 12:53 pm
typo:
… CAN …, rather than WILL
November 26th, 2007 at 1:45 pm
Geeze people… If you are compromised by a trojan – ANY information on your system is up for grabs… VOIP is not the problem here – it’s workstation/network security! How can a SIP VOIP phone be infected with a trojan designed for a PC? It can’t. What kind of moron sysadmin allows anyone to plug into his network switchports without port security enabled on them? What imbecile network admin allows unencrypted wireless traffic on a corporate ap? If your ISP does not have a good reputation – maybe it is time to switch??? This is more FUD….