informa
3 min read
article

Sipera VIPER Lab Releases UCSniff To Test for Targeted VoIP Eavesdropping

Sipera's new application determines if enterprise VoIP networks are vulnerable to targeted eavesdropping and recording
Richardson, TX, November 11, 2008 - Sipera Systems, the leader in real-time Unified Communications (UC) security, today announced its VIPER Lab released UCSniff, a free application that enables enterprises to determine if their VoIP networks are vulnerable to targeted eavesdropping. Jason Ostrom, Director of VIPER Lab, first publicly demonstrated UCSniff in September at the ToorCon X Conference, reviewing how administrators can validate this vulnerability, imitate an enterprise IP phone, download a corporate directory, then automatically monitor and record confidential conversations by targeting key employees and departments.

More information about the UCSniff tool is available at www.sipera.com, along with a link to download UCSniff, under the GPLv3 License, to test enterprise VoIP networks.

"UCSniff is an assessment tool that helps demonstrate vulnerabilities in VoIP design and implementation. It was born from the concept of combining targeted attacks against VoIP users along with the corporate directory, intelligent VLAN support, and man-in-the-middle features," said Ostrom.

The security and regulatory compliance implications are significant for VoIP eavesdropping, especially given the ability for outside hackers to access corporate directories and use that information to target and automatically record conversations between CEOs, CFOs, Corporate Counsel and outside law firms or patent offices, sales executives, Human Resources, Accounts Receivable dealing with customer credit card payments, the CTO office and others.

The UCSniff tool is available now for SIP and SCCP signaling protocols. A future version will allow testing VoIP Video calls on the Windows OS. UCSniff is one of several VoIP/UC vulnerability testing applications offered by Sipera VIPER Lab, which will release others in the coming months.

Over the past four years, Sipera VIPER Lab has identified thousands of VoIP and UC vulnerabilities, most of which cannot be addressed by traditional data security measures. As an educational security service to Sipera's customers and the general public, Sipera VIPER Lab releases free vulnerability testing tools, and has published threat advisories, at http://www.sipera.com/viper. The Sipera IPCS products are comprehensive, real-time Unified Communications security solutions that simplify and protect VoIP and UC over any network and to any device. Backed by the extensive vulnerability research of Sipera VIPER Lab, the Sipera IPCS(tm) products provide threat protection, policy enforcement, access control, and privacy in a single, real-time appliance. The product family spans four systems supporting 200 to 50,000 users. About Sipera Systems Sipera Systems, the leader in real-time UC security, enables enterprises to simplify and confidently deploy their VoIP and unified communications over any network to any device while service providers can protect and quickly offer new IP-based communication services. Backed by the extensive vulnerability research of the Sipera VIPER Lab, the Sipera IPCS(tm) products provide comprehensive threat protection, policy enforcement, access control, and privacy in a single, real-time appliance. For more information, visit http://www.sipera.com.

Sipera, Sipera logo, Sipera IPCS, Sipera IPCS 210, Sipera IPCS 310, Sipera IPCS 410, Sipera IPCS 510, Sipera IPCS 520, Sipera LAVA and Sipera VIPER are trademarks of Sipera Systems, Inc. All other companies and products listed herein are trademarks or registered trademarks of their respective holders.

Media Contact: Larry Bouchie, TurboPR, 781-454-5287, [email protected]