With VoIP technology becoming more and more prevalent, we have to get used to a curious dichotomy in the way people think about and deal with the new communications environment. On the one hand, VoIP is a flexible Internet system which allows many different applications to be built on top of it in order to enhance productivity at the workplace. On the other hand, this same flexibility can allow hackers to take advantage of poorly secured VoIP systems and misuse them. So its a double edged sword. Sure, the regular PSTN systems could also be hacked on unsecured lines, but you needed specialized hardware and know how. With VoIP, you can listen in using just a computer and a downloaded software program as we’ll see in this article.
But again, there can be a lot of legitimate reasons for this kind of recording. Businesses might find this to be a great feature where recording conversations can save them from legal challenges later on and even help them with their training purposes.
One such software called “Cain & Abel” can be used to easily sniff out VoIP traffic between two computers. Due to the different ways in which VoIP works, there can be different types of set ups. If you’re running a windows machine on which the softphone software is installed and which you use to make SIP calls, you just need to install Cain on that system and set it up to record all VoIP conversations. It can decode a large number of codecs – though codecs which are proprietary like Skype for example cannot be monitored.
There are even ways to record conversations between computers or softphones on the same network even when you don’t have access to them. A technique called ARP poisoning makes it easy to do this though it’s probably illegal no matter where you live and should only be used when you have authorization to do so.
Secure VoIP systems such as VPNs can however use encryption to defeat such sniffing software. The challenge is to ensure that VoIP recordings can only take place by authorized personnel and not by anyone else. Now that voice communication has entered the IT realm, we see the familiar battle between hackers and security experts – and there will be many systems which can be compromised and don’t follow proper security.
So ask your ITSP for the security measures they have in place to protect you from such “man in the middle” attacks.