By Irwin Lazar, Principal Analyst and Program Director, Collaboration & Convergence, Nemertes Research Inc.

Aug. 11, 2006

At last week's BlackHat conference in Las Vegas, Mark Collier, CTO of SecureLogix (http://www.securelogix.com); and Dave Endler, Director of Security Research for Tipping Point, a subsidiary of 3Com (NASDAQ:COMS, http://www.3com.com) released a set of VoIP hacking tools in support of their forthcoming book, "Hacking Exposed VoIP" (ISBN: 0072263644). The release of these tools, coming just weeks after police in Miami broke up a ring defrauding VoIP service providers, serves to demonstrate a powerful message; that attacks against VoIP systems and services are not only possible, but can be expected to increase.

Collier and Endler's tools were notable in that their approaches relied as much on social engineering as the use of coded hacking tools. Their presentation also detailed numerous vulnerabilities in SIP (the Session Initiation Protocol) that could easily be exploited, and demonstrated how the increasingly popular Asterisk open source VOIP server could be used to launch numerous attacks. Collier and Endler released their tools to warn VOIP users against security complacency and raise awareness of VOIP vulnerabilities.

If you would like to receive our full Impact Analysis, sign up [1] for our weekly newsletters.