Secure your VoIP network now says firm

Tier-3 has warned companies using Internet telephony (VOIP) of the security risk the technology poses; the warning comes after Peter Cox demonstrated how easy it was to hack into a VoIP conversation.

Peter Cox, the ex-CTO of BorderWare, has left the firewall company he helped found, to establish a new VOIP consultancy.

As part of this new initiative he has completed research and development of an Internet telephony eavesdropping application called SIPtap - which provided a proof of concept of how VoIP hacking might be done.

“This type of application sounds a warning because it demonstrates the ease with which VIOP networks can be hacked and Intellectual Property stolen," said Geoff Sweeney, CTO of Tier-3.

"The SIPtap demonstration package reportedly allows multiple VOIP call streams to be decoded on-the-fly and stored to hard disk as a .WAV file. The most worrying aspect of this is that the software can be loaded on to a company's internal systems using Trojan Horse malware," Geoff Sweeney added.

According to Sweeney, tapping company Internet telephony lines could result in the loss of all sorts of company and client confidential information, as well as company banking IDs and passwords.

"The fact that a complete VOIP phone eavesdropping application can be remote loaded on to a company's systems using a simple malware e-mail is very worrying," he said.

"Companies need to review their IT security software arrangements and consider installing behavioural analysis software on their systems, as this is the only sure-fire method of preventing malware infections, even if employees `click through' on infected emails," he added.