Say hello to VOIP Hopper

I was intrigued to read a report about a security validation utility called VOIP Hopper which, as the name implies, allows users to slip unnoticed into a corporate VOIP system.

According to an interview with the two guys behind the software - John Kindervag and Jason Ostrom - on Wired's blog network, VOIP Hopper can be used within companies and on hotel networks to gain access to IP PBXs that you wouldn't normally expect access to.

Using a really advanced hacker technique - replacing the VOIP phone with a notebook PC - VOIP hopper mimics the data packets sent at three minute intervals by the VOIP Phone, requesting a switch to a full-feature Ethernet connection along the way.

According to Ostrom, Avaya's VOIP technology is superior to that of Cisco's, since you have to pipe your IP requests past a network sniffer, but he claims, swapping the phone for a notebook PC works every time.

Ostrom claims that, in seven different VOIP systems he and Kindervag have examined, none of them had a firewall between the voice and data sides of the VOIP fence.

"We've toasted so many of these networks, it's not funny. VOIP LAN (technology) is never, ever, a secure network," he said.

You can download VOIP Hopper here...