Test for targeted VoIP eavesdropping with UCSniff
VIPER Lab released UCSniff, a free application that enables enterprises to determine if their VoIP networks are vulnerable to targeted eavesdropping. Jason Ostrom, Director of VIPER Lab, first publicly demonstrated UCSniff in September at the ToorCon X Conference, reviewing how administrators can validate this vulnerability, imitate an enterprise IP phone, download a corporate directory, then automatically monitor and record confidential conversations by targeting key employees and departments.
The security and regulatory compliance implications are significant for VoIP eavesdropping, especially given the ability for outside attackers to access corporate directories and use that information to target and automatically record conversations between CEOs, CFOs, Corporate Counsel and outside law firms or patent offices, sales executives, Human Resources, Accounts Receivable dealing with customer credit card payments, the CTO office and others.
The UCSniff tool is available now for SIP and SCCP signaling protocols. A future version will allow testing VoIP Video calls on the Windows OS.
More information about the UCSniff tool is available here, along with a link to download UCSniff, under the GPLv3 License, to test enterprise VoIP networks.