YOU MIGHT HAVE thought that teleŽphones were safe from the data breaches that plague computers, but two demŽonstrations prove how easily criminals could eavesdrop on VolP (Voice over Internet Protocol) phone calls.

VolP giant Cisco confirmed a hack, using software called VolP Hopper, that would permit easy eavesdropping on some of its equipment. And another recent demonŽstration illustrated how a Trojan horse could be deployed to deliver software to eavesdrop inside a company or at an ISP.

Through VolP Hopper, hackers could supplant a VolP device on a network with a malicious PC, creating an aveŽnue for eavesdropping. With the other hack, SIPtap, a single Trojan horse-infected PC inside a company's network could provide access to that company's phone calls, or even access to all of an ISP's customers' calls. SIPtap can reŽmotely record multiple VoIP calls.

Cisco now provides workarounds to guard against the Hopper hack but the two proof-of-concept demonstrations show that VoIP eavesdropping is now well within reach of organized crime.

"Companies using VoIP internally think they are protected," comments SIPtap's creator, Peter Cox. "The threat is that an attacker engineers a Trojan and has it sit there passively [on an internal network], recording calls from anywhere on the Internet.'"

His advice: "Apply the same vigor when building a VoIP network [as] you would when building a Web site."