VoIP security notices show security remains a multi-vendor issue
Threats to VoIP users include eavesdropping, spam, spoofing and denial-of-service attacks
Convergence & VoIP Alert
By
Steve Taylor
and
Larry Hettick
,
Network World
, 11/05/2007
Sign up for this newsletter now!
Steve Taylor and Larry Hettick offer news and analysis on the latest in IP convergence from fixed-mobile convergence, presence management, IP video and unified communications.
- Share/Email
- Tweet This
- Print
Two VoIP services and equipment alerts were issued late last month. The first advisory, issued to residential and SMB VoIP users was sent by the Sipera VIPER Lab, operated by Sipera Systems. The lab disclosed
multiple threat advisories for VoIP services and equipment users from Vonage, Globe7 and Grandstream. Among other threats,
VoIP users can be subjected to eavesdropping, spam, spoofing and denial-of-service attacks, according to a statement issued
by the lab. Full details on these vulnerabilities are posted as an educational security service to Sipera’s customers and the general public.
Based on the company’s test results, the “Vonage VoIP Motorola Phone Adapter (VT 2142-VD) and Vonage service implementations
leave users vulnerable to a form of VoIP identity theft, allowing hackers to take over a user’s phone service with a ‘registration
replay attack,’ then make and receive calls while impersonating the victim.” Since Vonage users calls aren't encrypted, the
lab also found that users are subject to eavesdropping on private voice and that “hackers can also send multiple SIP INVITE
messages to a user, an Internet version of ‘ringing the phone off the hook’ which creates a denial-of-service attack,” according
to the lab’s test results.
The lab’s test also showed that Globe7 (a European provider) had deployed a weak encryption scheme that allowed hackers to
attack a user’s online account access, providing an opening for “hackers to access confidential name, password and account
balance data, as well as steal VoIP service to make and receive calls, masked as a legitimate Globe7 user.”
The Sipera VIPER Lab also found that “the Grandstream HandyTone-488 PSTN-to-VoIP adapter is vulnerable to buffer overflows
and fragmented packet attacks. By sending a specially crafted SIP INVITE message to public IP addresses, attackers can disconnect
legitimate Grandstream users,” according to the report.
Additional details can be found here and are available for free as a public service offered by the Sipera.
The second security threat disclosed last month was posted after two hackers gained access into a hotel’s corporate network using a Cisco VoIP phone. The two hackers, who were attending the ToorCon9 in San Diego, said they were able to access the hotel's financial and corporate
network and recorded other phone calls, according to a blog on Wired.com. They used penetration tests “propounded by a tool
called VoIP Hopper, which mimics the Cisco data packets sent at 3 minute intervals and then trades a new Ethernet interface,
getting the PC - which the hackers switched in place of the hotel phone - into the network running the VoIP,” according to
the blog post.
Steve Taylor is president of Distributed Networking Associates and publisher/editor-in-chief of Webtorials. Larry Hettick is a principal analyst at Current Analysis.
Comments (1)
RE: VoIP security notices show security remains a multi-vendor issueBy shawn merdinger on November 9, 2007, 10:25 amToo bad SIPERA VIPER Lab doesn't provide too many technical details on their advisories -- this limits the ability to independently verify the VIPER Team findings...
Reply | Read entire comment
View all comments