You Think VoIP Conversations Are Safe? Think Again

Ralph DeFrangesco

A new toolkit is available free of charge that will allow a hacker to intercept and listen to conversations over a voice over IP (VoIP) network. VoIP is susceptible to many attacks, such as toll fraud, SPIT, malformed messages, call hijacking, call eavesdropping and call modification.


UCSniff is a bundle of new and previously released open source software that is being released by Sipera Systems. There is a catch to using the software -- you must have physical access to the target company's network. It requires you to plug into an Ethernet port and run the software locally, so this type of attack would come from an internal source such as an administrator or network engineer. The software will even allow you to target a specific number or dial-by-name feature.


Sipera Systems insists that the tool is for educational purposes. But the concern here is that an unscrupulous person might tap into their organization's network and monitor VoIP conversations undetected. These tools that claim to be for "educational" purposes have long been a double-edged sword for IT security. Some of them are very useful, and in the hands of a professional they are used to monitor and protect an organization's network. These same tools in the hands of a hacker can be used to break into a network or, in this case, listen to phone conversations. I am very concerned when I hear the words, "for educational purposes." I usually wonder, mine or a hacker's?

Dec 18, 2008 6:09 AM Irv Schlanger says:
Ralph,

The tool that you described is also capable of VLAN jumping, making it kiddy script ready. Most all of the security tools can be compared to double-edged swords. Like any other weapon, if they are in the hands of a criminal, chances are a crime will be committed, but the same tool in the hands of an honest security professional can and should be used to test the system prior to being hacked. Think of it like a handgun being held by a police officer, or a robber. The point is that IT Security professionals must keep ahead of the hackers by using the tools first. As far as VOIP, if it is not encrypted end to end you are vulnerable. VOIP takes what most people assume are private conversations and broadcasts them over a public network, in the same manner as email.

Irv Schlanger
Professor, IT Security & Information Warfare
Drexel University-Goodwin College
Feb 18, 2009 8:34 AM MrGrey says:

Breaking News: Information on the internet is public unless you encrypt it...

In other news Big Bird eats birdseed.

