A report that's making the rounds out of the UK says that an insecurity expert has hacked SIP-based VoIP calls.
If true, this will give IT managers fits and, if not addressed by the SIP standards folks at the IETF very soon, will have a chilling effect on the growth of the IP-based telephony world, first and foremost in the enterprise space that Microsoft is chasing with its SIP-based Live Communications and Unified Communications efforts.
Given how much news gets generated around bugs and exploits in MSFT's Windows OS, this will give the market audiences a field day with their voice products.
It also means that networks like Vonage, which don't currently have a very aggressive security operation compared to AT&T's CallVantage group, and other small operators (e.g. Broadvoice, Earthlink, VoicePulse, Lingo, SipPhone, etc.) may have to beef up their security and begin to look seriously at this issue.
Nothing would be worse than having the wrong person hear the wrong thing...
Can you spell VPN....and would that even help?
UPDATE--> Mr. Blog has a very informed perspective... and I admit, I'm not an expert on hacking or security. I just know it's something we should know about.
Come on, Andy, I can't believe you were fooled by this. Tools like this have been available for ages. I remember using one of them to record some phone calls I needed to record a few years ago because it was easier than sticking a suction cup recorder on the end of my phone handset. They are also used commonly in the call center industry and for debugging SIP work.
This is just a ploy by the security consultant to drum up some attention, I suspect -- unless he's a poor enough security consultant to not have known about the existing recorders.
Posted by: Brad Templeton | November 23, 2007 at 02:24 PM
Sean,
Would love to hear how... and I'll raise you one better. Give me a document or a JPEG slide and I'll post it here!!
Please email via the link on this page.
Andy
Posted by: Andy Abramson | November 23, 2007 at 01:29 PM
I'm the group program manager for the Office Communications Server product at Microsoft and would be happy to discuss how we achieve secure voice communications *without* using a VPN. The technology is available today though adoption may not be as broad as you would like.
Posted by: Sean Olson | November 23, 2007 at 11:50 AM