VoIP security notices show security remains a multi-vendor issue - Network World

Skip Links

DNSstuff.com
Get information about your IP
IP Information
50+ On-demand DNS and network tools

VoIP & Convergence

Videos

rssRss Feed
Get instant email notification when white papers, webcasts, executive guides are added to our library.  Stay informed and up-to-date with the latest on IT Technologies with Network World's Resource Alerts.
Audio

Nortel, Microsoft deliver UC products; CIOs prep for recession. Listen now!

Network World 360

DEMO '08: Toktumi eases VoIP for SMBs. Listen now!

Network World Panorama

Additional Resources

RSS

FEATURED WHITEPAPERS

Edison Group TCO White Paper HP

Edison analysts put the management software of an HP EVA system through a series of typical day-to-day storage management tasks. The same tasks were also evaluated on similar systems from NetApp and EMC. This study demonstrates how the superior user interface and virtualization offered by the HP EVA storage system can provide organizations with the benefits of higher administrative efficiency combined with the potential ability to utilize less expensive human resources.

RSS

FEATURED REPORTS

Executive Guide: Storage Heats Up HP

Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.

RSS

FEATURED WEBCASTS

Get Real-world Advice on how to Cost Effectively Consolidate your Data Center Novell

Discover the benefits of paravirtualization in this informative webcast today. This server virtualization-themed webcast not only explores how to improve virtualized server performance, but provides real-world user examples, explains how to optimize workloads and discusses the future of server virtualization. Focus on only the themes that interest you or watch all six consecutively for a full picture of how you can lower your costs significantly through consolidation and virtualization. Register below to learn more and be entered to win an Archos 605 Portable Media Player.

IT Buyer's Guides

View All Buyer's Guides

Free Newsletters

Sign up and receive the latest news, reviews and trends on your favorite technology topics

Save The Date!
What They Are Saying

You can find related project managemen articles in - Anonymous

Join the Discussion

Partner Content
Foundry Networks

The Foundry Enterprise Advantage

Foundry Networks, Inc. (NASDAQ: FDRY) is a leading provider of high-performance enterprise and service provider switching, routing, security and Web traffic management solutions. Foundry's customers include the world's premier ISPs, metro service providers, and enterprises.

For further information on Foundry Networks please click here.

Leveraging the Advantages
of a Multi-vendor Network Strategy

Today's enterprise network provides more than simply a technology infrastructure. It's an enabler for the enterprise, supporting mission critical applications, creating operational efficiencies and increasing productivity gains. Foundry Networks provides the ideal foundation for a multi-vendor network.

Click here to view whitepaper!

VoIP security notices show security remains a multi-vendor issue

* Threats to VoIP users include eavesdropping, spam, spoofing and denial-of-service attacks
Convergence & VoIP Alert By Steve Taylor and Larry Hettick , Network World , 11/05/2007
Steve Taylor
Sign up for this newsletter now!
  • Social Web 
  • Email 
  • Feedback 
  • Close

Two VoIP services and equipment alerts were issued late last month. The first advisory, issued to residential and SMB VoIP users was sent by the Sipera VIPER Lab, operated by Sipera Systems. The lab disclosed multiple threat advisories for VoIP services and equipment users from Vonage, Globe7 and Grandstream. Among other threats, VoIP users can be subjected to eavesdropping, spam, spoofing and denial-of-service attacks, according to a statement issued by the lab. Full details on these vulnerabilities are posted as an educational security service to Sipera’s customers and the general public.

Based on the company’s test results, the “Vonage VoIP Motorola Phone Adapter (VT 2142-VD) and Vonage service implementations leave users vulnerable to a form of VoIP identity theft, allowing hackers to take over a user’s phone service with a ‘registration replay attack,’ then make and receive calls while impersonating the victim.” Since Vonage users calls aren't encrypted, the lab also found that users are subject to eavesdropping on private voice and that “hackers can also send multiple SIP INVITE messages to a user, an Internet version of ‘ringing the phone off the hook’ which creates a denial-of-service attack,” according to the lab’s test results.

The lab’s test also showed that Globe7 (a European provider) had deployed a weak encryption scheme that allowed hackers to attack a user’s online account access, providing an opening for “hackers to access confidential name, password and account balance data, as well as steal VoIP service to make and receive calls, masked as a legitimate Globe7 user.”

The Sipera VIPER Lab also found that “the Grandstream HandyTone-488 PSTN-to-VoIP adapter is vulnerable to buffer overflows and fragmented packet attacks. By sending a specially crafted SIP INVITE message to public IP addresses, attackers can disconnect legitimate Grandstream users,” according to the report.

Additional details can be found here and are available for free as a public service offered by the Sipera.

1 | 2 |  Next >
Comments (1)
Login
Forgot your account info?

RE: VoIP security notices show security remains a multi-vendor issueBy shawn merdinger on November 9, 2007, 10:25 amToo bad SIPERA VIPER Lab doesn't provide too many technical details on their advisories -- this limits the ability to independently verify the VIPER Team findings...

Reply | Read entire comment

View all comments

Add comment
Anonymous comments subject to moderator approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.
First Name
Last Name
E-mail
Zip Code