Feeds

UCSniff - VoIP eavesdropping made easy

Press 1 for CEO wiretap

Using blade systems to cut costs and sharpen efficiencies

A security consultant with expertise in protecting phone conversations as they travel over the internet has unveiled a new tool that demonstrates just how vulnerable voice over internet protocol, or VoIP, calls are to interception.

UCSniff bundles a hodgepodge of previously available open-source applications into a single software package that helps penetration testers assess the security of VoIP calls carried over a client's network. It also introduces several new features that make eavesdropping on specific targets a point-and-click undertaking.

UCSniff runs on a laptop that can be plugged in to the ethernet port of the organization being probed. From there, a VLAN hopper automatically traverses the virtual local area network until it accesses the part that carries VoIP calls. Once the tool has gained unauthorized access, UCSniff automatically injects spoofed ARP, or address resolution protocol, packets into the network, allowing all voice traffic to be routed to the laptop.

UCSniff streamlines eavesdropping by allowing an attacker to zero in on the conversations of particular users. Targets can be selected by extension number or dial-by-name features, making it easy to listen to all calls made by a specific individual - such as an organization's CEO. Eavesdropping can be further fine-tuned by listening only to calls the CEO makes to a specific person - such as a chief financial officer.

"It's silently intercepting all the traffic and forwarding it to the phone, so a regular phone user would not be able to tell the difference," UCSniff creator Jason Ostrom told El Reg. "They think they're talking directly to the other phone when in fact the tool is actually intercepting all the traffic."

UCSniff also makes it easy to capture bi-directional conversations in a single audio file. It automatically records calls that use the G.711 and G.722 codecs.

Yes, the tool requires physical access to an organization's network, and that means remote eavesdropping isn't possible with UCSniff. But for anyone with access to an ethernet port of the company they want to intrude upon, it could prove invaluable. Ostrom says it can be plugged into hotel VoIP systems as well. Contrast this with the difficulty of snooping on traditional phone calls, which typically requires physical access to a private branch exchange.

Ostrom, who is director of research for security firm Sipera Systems, demonstrated UCSniff on Saturday at the Toorcon security conference in San Diego. He plans to release it as a free download in the next few weeks.

Given the ease of snooping on VoIP calls, you'd think organizations would be more diligent about using encryption. Alas, they aren't, says Ostrom, who estimates about 90 per cent of the organizations he tests still haven't figured out the importance of encrypting their calls. Therein lies his motivation for releasing UCSniff.

"I'd like to think that I'm creating this tool to create education awareness," he said. "It's a tool that every security and VoIP owner should have in their bag and that's why we're giving it away for free." ®

The smart choice: opportunity from uncertainty

More from The Register

next story
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.