VoIP exploit permits illicit tapping, recording of VoIP calls

Bookmark This (opens in new window)

A proof of concept program has been developed and demonstrated that allows significant and possibly large-scale exploitation of Session Initiation Protocol (SIP), permitting an individual to tap into corporate VoIP networks. The exploit could also be done at the ISP level, permitting an intruder to eavesdrop on large numbers of VoIP calls, perhaps simultaneously.

voipsecuritycover400×629.pngThis is an extremely dangerous development, one that I have feared could happen once telephony networks are converted to TCP/IP. This is a classic example of technology being developed and implemented without adequate consideration for security and privacy. Other examples of technologies whose early editions were too weak for prime time: WiFi networks, analog cellular networks (remember the clone wars?), e-mail (spam and spoofing are still significant problems), domain name service (significant weaknesses abound), FTP, Telnet… shall I go on?

Organizations that utilize VoIP and SIP trunks to branch offices or service providers need to consider protecting these communications with VPN technology. SIP’s security features alone cannot be relied upon to protect VoIP traffic.

Article here:

http://www.techworld.com/security/news/index.cfm?newsid=10736

More on the risks of new technologies here.

How to protect corporate VoIP networks here.

Disclaimer: this article is posted as a public service, not a book promotion. VoIP Security was a work-for-hire project, which means I won’t make a dime more on this book whether it is read by 10 people or 10 million people.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s