There are a lot of businesses we service with our Technical Surveillance Counter-Measure (TSCM) services that could be taking advantage of there IP infrastructure and encrypting VoIP communications to secure VoIP telephone.
It is easy enough to inspect a VoIP telephone and to connect a Time Domain Reflectometer to a data cable to check for taps, bridges or splices along the cable, although to run these tests involves disconnecting any power source from the data cables so the Time Domain Reflectometer can be used to inject a signal into the data cable for further analysis.
It is practical to use an encrypted data transmission pathway for VoIP secure telephone communications.
With encrypted data transmissions, one doesn't need to continually check data cables that need power isolated in a Technical Surveillance Counter-Measures inspection.
There are some problems with VoIP latency and encrypted data transmission makes the latency period slightly longer for data transfer, although this is improving.
Here is an interesting article below relating to hacking IP voice & video in real time which shows you how easily the process is undertaken.
Regular TSCM servicing can't guarantee protection against real time hacking of the IP infrastructure; this is why encrypted data transmissions should be used.
PJL
=============================================
Corporate video conferences can still be easily hacked by insiders using a freeware tool that allows attackers to monitor calls in real-time and record them in files suitable for posting on YouTube.
more
PJL 23rd September 2010
