Some of you may remember Peter Cox who put out an eavesdropping tool SIPTap last November.
For those who have a short memory, SIPTap monitors “multiple voice-over-IP call streams, listening in and recording them for remote inspection as .wav files.”
At the time, however, the tool didn’t appear to me to be much of a threat because it only worked on the VLAN it was attached to and only if it saw the traffic. Meaning that if you weren’t attached to a span port, a hub or used another tool such as Ettercap, you wouldn’t be able to do much recording.
BUT the tool served Peter Cox’s purpose. Apparently for some time now, Peter Cox has been preaching VoIP security to anyone who will listen… and if he’s like most IA people I know, anyone who doesn’t want to listen, but needs to. The tool, therefore, appeared to be aimed at educating people outside the IA world about the importance of VoIP security and how easy it is to eavesdrop on calls.
Now Peter Cox has started a new company UM Labs where his goal is to develop and deliver products that provide VoIP security in a world where the traditional security foundation of voice and data separation no longer apply.
They are already announcing three products described on the company’s website and here
New VoIP security products are always welcome and UM Labs appears to be looking towards the future to find ways to meet some of the upcoming security challenges of unified networks.