Hackers Threaten Internet Phone Calls

Dennis Faas's picture

A security expert has produced proof that Internet phone calls could be hacked. Peter Cox has produced a program named SIPtap, which is designed to monitor VOIP (voice over Internet protocol) streams that carry phone calls through services such as Skype. The program can record conversations as audio files and even index the calls by date or caller.

The software only needs to be installed on one machine (through a virus) to record all the calls made on the network. A skilled hacker could even install it across an entire Internet service provider's system.

Mr. Cox has only used SIPtap to prove the theory behind the software. He's been running tests since August and claims that he encountered no problems hacking a test network.

Cox previously worked for BorderWare, a company selling firewalls, and is now launching a consultancy specialising in VOIP networks. He says many companies are at risk because they do not build enough security into their internal voice systems. His advice is to "Apply the same vigour when building a VoIP network you would when building a website." (Source: pcworld.com)

It seems that the only way to truly secure Internet phone calls is through encryption software. The effectiveness of such methods has already been proven in Germany, where police have admitted they've been unable to monitor Skype calls in the same way as normal phone calls.

"We can't decipher it," Joerg Ziercke, president of the German Federal Police Office said. "That's why we're talking about source telecommunication surveillance -- that is, getting to the source before encryption or after it's been decrypted." But he said it wasn't practical to ask Skype to hand over encryption keys.

Ironically, Mr Ziercke suggested using Trojan horse viruses to monitor criminals' online behaviour. Such tactics are currently illegal in Germany, thanks in large part to memories of intrusive surveillance by East Germany's Stasi secret police. (Source: nzherald.co.uk)

Major Internet phone companies such as Skype usually have adequate security measures, but large firms with internal voice networks remain at risk unless they treat voice calls with the same security as emails.

Rate this article: 
No votes yet