An expert has released a proof-of-concept program to show how easy it would be for criminals to eavesdrop on the VoIP-based phone calls of any company using the technology.
Called SIPtap, the software is able to monitor multiple voice-over-IP call streams, listening in and recording them for remote inspection as .wav files. All that the criminal would need to do would be to infect a single PC inside the network with a Trojan incorporating these functions, (see our USB memory stick warnings) although the hack would work at the Internet service provider level as well.
SIPtap demonstrates that the worst-case nightmares of VoIP vulnerability are now well within the capabilities of organized crime, which could use such a program to steal confidential data from companies, governments and even the police. (more)