SPOTLIGHT: UCSniff VoIP security tool officially unveiled
If you haven't worried enough about VoIP security, UCSniff has been released officially by the Sipera Viper Lab.
First unveiled at the Toorcon security conference in late September, UCSniff allows you to target users based on corporate directory and/or extensions, record entire voice conversations, discover and hope VLANs, perform man-in-the-middle (MitM) redirection and plenty more. Sipera has now made the tool available for public download, so, if you want to really torque off your security and IT people, you could record and email them a couple of their phone calls.
If you want really scary/really paranoid thoughts, since UCSniff (and of course, a lot of other security tools) are written in C and available for Linux systems, an attacker could buy a $300 Netbook, install it in a phone closet somewhere, and with a little hackwork, record and email your conversations outside the office.
Hmm, maybe its time to re-install the old key system...
- Read the quick blog post at Dark Reading.