Beware: VoIP-Hacking Toolkit Hits The Net

A hacker's toolkit of 14 programs designed to test VoIP security has just been released at the Black Hat security conference. The tools were designed so that security pros can test the safety of their networks. But you can be sure that hackers are licking their chops at getting their hands on this one. The tools were released by Dave Endler, director of security research at TippingPoint. The tools can launch a variety of VoIP system attacks, including rebooting phones, overloading phones or VoIP exchanges with traffic, reassigning devices to different users, and more.

Endler told CNet that the tools are aimed at helping administrators test the security of their systems. But he added, "Releasing any security tools is a double-edged sword in that you can't restrict who has access."

In other words, hackers will get their hands on these things as well.

Should the tools have been released, considering that they may be put to evil use?

Absolutely. One way or another, hackers would have created tools like these on their own, and security professionals would have had a hard time getting them. With this public release, security folks have the tools they need to test their networks, and design network protection.For now, don't expect the tools to be used much. They all target systems that use the Session Initiation Protocol (SIP), and not many VoIP phones or systems use SIP yet. But in the future, as SIP becomes the dominant standard, they'll become more important.

And then it's time to watch out --- or better yet, to use the tools to protect your VoIP network.