Gold'en rant of the week : VOIP security - what's that?

The security of Voice over IP (VOIP) came under intense scrutiny at the Black Hat 2006 IT security event in Las Vegas this week, kicking off with Phil Zimmermann updating the audience on his Zfone secure VoIP software, which is just about unhackable.

Which is more than you can say for most VOIP PBX systems, the type of which can be readily identified from their voicemail messages, allowing hackers to plan their methods of attack accordingly.

A new book - Hacking VOIP Exposed - is due for release later this year. Authored by David Endler, director of security research at TippingPoint and Mark Collier, CTO of SecureLogix, the book apparently exposes a raft of ways in which VOIP systems and software can be eavesdropped upon.

According to extracts from the book revealed at the Las Vegas event, some VOIP phones can store transmissions packets for debugging purposes, but this can also be exploited to remotely record conversations.

And then there's Skype, which is apparently quite easy to eavesdrop on, providing you know the user's IP address.

Am I alone in being amazed and horrified at the ease with which VOIP software and systems can be eavesdropped and hacked?

Zimmerman's Zfone project is just one of handful in the VOIP wilderness that is secure. There needs to be more...