Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Security Communications The Internet

Expert Unveils 'Scary' VoIP Hack 103

Kurtz'sKompund passed us a link to a Techworld article on a frightening new vulnerability for VoIP. The UK's Peter Cox has put together a proof-of-concept software package to illustrate the flaw, a program he's calling SIPtap. "The software is able to monitor multiple Voice-over-IP (VoIP) call streams, listening in and recording them for remote inspection as .wav files. All that the criminal would need would be to infect a single PC inside the network with a Trojan incorporating these functions, although the hack would work at ISP level as well. The program can index 'IP-tapped' calls by caller - using SIP identity information - and by recipient, and even by date."
This discussion has been archived. No new comments can be posted.

Expert Unveils 'Scary' VoIP Hack

Comments Filter:
  • by NoxNoctis (936876) on Friday November 23, 2007 @11:14AM (#21453957) Homepage
    This is why I SSH tunnel any truly sensitive traffic to as close as I can get to the destination.
  • This is soo old! (Score:3, Informative)

    by Kris2k (676294) on Friday November 23, 2007 @11:19AM (#21453991)

    I recall seeing a project on freshmeat in 1999-2000 about the exact same functionnality. Granted, it wasn't as refined as this one, but it did exactly what it had to do; sniff packets over the wire, decode them, and send them to your DSP.

    This is old, and that's why people today use VLAN tagged phones to seperate VOIP traffic onto another network, combined with switches that don't allow promiscuous activities, intrusion detection systems, picky switches that don't like MAC changes, and voilà, problem solved for the distribution networks.

    There will always be ways to tap coversations, and if you think you pots land line is secure *chuckle*, get real.

  • Re:More Info? (Score:1, Informative)

    by Anonymous Coward on Friday November 23, 2007 @12:13PM (#21454359)
    Check out this particular magic spell [wikipedia.org]. If you do not have separate LANs for VoIP and other data, or one of your computers uses a software VoIP client on the VoIP network, a single infected machine is sufficient for an attacker to listen in on all calls (unless your network admins have a clue and detect and isolate unauthorized MAC address changes.) Some SOHO switches can also be turned into hubs by flooding their MAC address table.
  • by CFD339 (795926) <<moc.htroneht> <ta> <pwerdna>> on Friday November 23, 2007 @01:59PM (#21455145) Homepage Journal
    Most networks now are switched, not using open hubs. In a switched network, you can't just stick a network card in promiscuous mode and hear all the traffic. The switch connects two two ends that are talking, (e.g. your phone and pbx) and excludes that traffic from anyone else on that switch.

    The vulnerable points come after the switch, for example if all the phones use a switch, and that switch has a connection to the PBX, than if you could insert a hub between the pbx and the switch you could use this hack there. If your pbx uses VIOP to upstream the link to a VOIP provider, than someone could get on the WAN link between your PBX and provider.

    Both of these require way more access -- and likely physical access -- than this article makes out.

"What people have been reduced to are mere 3-D representations of their own data." -- Arthur Miller