For years I have been covering VoIP security and throughout this time it has been a one-sided conversation as there have been few documented cases of VOIP security attacks. Companies are generally not too happy to discuss VoIP security breaches so this news shouldn’t be very surprising to anyone.
In the absence of news regarding companies who have had voice or video conversations compromised, vendors in the VoIP security market have been proactive. Some such as Sipera have revealed
vulnerabilities of existing equipment and more recently one person has even released a proof-of concept program named SIPtap with the goal of showing how easy it is -- once a program is slipped onto a corporate computer via a Trojan horse or some other means, to record enterprise VoIP calls as WAV files for later analysis.
The person behind this proof of concept program is Peter Cox who co-founded and was CTO of BorderWare, a company in the VoIP security and session border control space. I first wrote about the company in August, 2005 in a blog entry titled Secure VoIP
and I covered them more recently in an entry titled Borderware's SBC Strategy
Cox left BorderWare and has his own VoIP Consultancy which will be up and running in 2008 according to PC World
The issue of protecting VoIP calls is likely something corporate decision-makers gloss over all too often and just because companies are not reporting more security incidents, does not mean they aren’t happening.
In the end, if you are responsible for the IP communications infrastructure of your company you need to be 100% up to date on the latest solutions on the market.
For this reason it is essential you study the problem as thoroughly as time allows and network with others in the space.
As more and more crucial information gets carried over internet protocol networks, the incentive to eavesdrop on these conversations will grow dramatically. Moreover as SIP becomes ubiquitous, the knowledge needed to perform hacks such as the one described in this article will only grow. The sooner you learn about how to effectively secure your corporate IP communications, the better off you and your company will be.