A new tool which allows enterprises to assess if their VoIP solutions are vulnerable to targeted eavesdropping has been released.
UCSniff, from Sipera Systems’ VIPER Lab, is a free application which allows network managers find out how easy it is to imitate an enterprise VoIP phone, download a directory and then listen in on confidential calls.
"UCSniff is an assessment tool that helps demonstrate vulnerabilities in VoIP design and implementation," said VIPER Lab director Jason Ostrom.
"It was born from the concept of combining targeted attacks against VoIP users along with the corporate directory, intelligent VLAN support, and man-in-the-middle features."
The results of a survey released last month revealed that security was one of the top-five concerns for respondents when investing in VoIP solutions.
The security and regulatory compliance implications are significant for VoIP eavesdropping, especially given the ability for outside hackers to access corporate directories.
Once done they can use that information to target and automatically record conversations between anyone from CEOs, CFOs, corporate counsel and outside law firms to accounts rReceivable dealing with customer credit card payments.
The UCSniff tool is available now for SIP and SCCP signaling protocols. A future version will allow testing VoIP Video calls on the Windows OS.