Kurtz'sKompund passed us a link to a Techworld article on a frightening new vulnerability for VoIP
. The UK's Peter Cox has put together a proof-of-concept software package to illustrate the flaw, a program he's calling SIPtap
. "The software is able to monitor multiple Voice-over-IP (VoIP) call streams, listening in and recording them for remote inspection as .wav files. All that the criminal would need would be to infect a single PC inside the network with a Trojan incorporating these functions, although the hack would work at ISP level as well. The program can index 'IP-tapped' calls by caller - using SIP identity information - and by recipient, and even by date."