Skip to main content

Secure your VoIP network now says firm

Tier-3 has warned companies using Internet telephony (VOIP) of the security risk the technology poses; the warning comes after Peter Cox demonstrated (opens in new tab) how easy it was to hack into a VoIP conversation.

Peter Cox, the ex-CTO of BorderWare, has left the firewall company he helped found, to establish a new VOIP consultancy.

As part of this new initiative he has completed research and development of an Internet telephony eavesdropping application called SIPtap - which provided a proof of concept of how VoIP hacking might be done.

“This type of application sounds a warning because it demonstrates the ease with which VIOP networks can be hacked and Intellectual Property stolen," said Geoff Sweeney, CTO of Tier-3.

"The SIPtap demonstration package reportedly allows multiple VOIP call streams to be decoded on-the-fly and stored to hard disk as a .WAV file. The most worrying aspect of this is that the software can be loaded on to a company's internal systems using Trojan Horse malware," Geoff Sweeney added.

According to Sweeney, tapping company Internet telephony lines could result in the loss of all sorts of company and client confidential information, as well as company banking IDs and passwords.

"The fact that a complete VOIP phone eavesdropping application can be remote loaded on to a company's systems using a simple malware e-mail is very worrying," he said.

"Companies need to review their IT security software arrangements and consider installing behavioural analysis software on their systems, as this is the only sure-fire method of preventing malware infections, even if employees `click through' on infected emails," he added.

Désiré Athow
Contributor

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.