Trojan taps VoIP calls

A simple trojan onto a corporate network is all that is needed to record VoIP claims a London security expert, Peter Cox. Cox has written software called SIPtap which can monitor multiple VoIP call streams, listening in and recording them for remote inspection as .wav files. He has been testing the software since August and now has a "proof of concept."  

According to PC World the program can index "IP-tapped" calls by caller--using SIP identity information--and by recipient, and even by date. In tests  the software extracted enough information on the test network "to prove that call recording of any and every VoIP call at a hypothetical company was now a trivial exercise."

"We are in the early days of VoIP, but there is a knowledge gap," Cox told PC World. "Companies using VoIP internally think they are protected. The threat is that an attacker engineers a Trojan and has it sit there passively recording calls from anywhere on the Internet," says Cox. He said companies had to apply the same rigor when building a VoIP network as a website.

More Reports:
- Peter Cox security podcast
- Expert Scares World With VoIP Hacking Proof Report

Related articles:
- Sipera: Vonage, Globe7, Grandstream not secure Report 
- VoIP not ready for prime time Report