VoIP security notices show security remains a multi-vendor issue

* Threats to VoIP users include eavesdropping, spam, spoofing and denial-of-service attacks

Two VoIP services and equipment alerts were issued late last month. The first advisory, issued to residential and SMB VoIP users was sent by the Sipera VIPER Lab, operated by Sipera Systems. The lab disclosed multiple threat advisories for VoIP services and equipment users from Vonage, Globe7 and Grandstream. Among other threats, VoIP users can be subjected to eavesdropping, spam, spoofing and denial-of-service attacks, according to a statement issued by the lab. Full details on these vulnerabilities are posted as an educational security service to Sipera’s customers and the general public.

Two VoIP services and equipment alerts were issued late last month. The first advisory, issued to residential and SMB VoIP users was sent by the Sipera VIPER Lab, operated by Sipera Systems. The lab disclosed multiple threat advisories for VoIP services and equipment users from Vonage, Globe7 and Grandstream. Among other threats, VoIP users can be subjected to eavesdropping, spam, spoofing and denial-of-service attacks, according to a statement issued by the lab. Full details on these vulnerabilities are posted as an educational security service to Sipera’s customers and the general public.Based on the company’s test results, the “Vonage VoIP Motorola Phone Adapter (VT 2142-VD) and Vonage service implementations leave users vulnerable to a form of VoIP identity theft, allowing hackers to take over a user’s phone service with a ‘registration replay attack,’ then make and receive calls while impersonating the victim.” Since Vonage users calls aren't encrypted, the lab also found that users are subject to eavesdropping on private voice and that “hackers can also send multiple SIP INVITE messages to a user, an Internet version of ‘ringing the phone off the hook’ which creates a denial-of-service attack,” according to the lab’s test results.

The lab’s test also showed that Globe7 (a European provider) had deployed a weak encryption scheme that allowed hackers to attack a user’s online account access, providing an opening for “hackers to access confidential name, password and account balance data, as well as steal VoIP service to make and receive calls, masked as a legitimate Globe7 user.”

The Sipera VIPER Lab also found that “the Grandstream HandyTone-488 PSTN-to-VoIP adapter is vulnerable to buffer overflows and fragmented packet attacks. By sending a specially crafted SIP INVITE message to public IP addresses, attackers can disconnect legitimate Grandstream users,” according to the report.

Additional details can be found here and are available for free as a public service offered by the Sipera.

The second security threat disclosed last month was posted after two hackers gained access into a hotel’s corporate network using a Cisco VoIP phone. The two hackers, who were attending the ToorCon9 in San Diego, said they were able to access the hotel's financial and corporate network and recorded other phone calls, according to a blog on Wired.com. They used penetration tests “propounded by a tool called VoIP Hopper, which mimics the Cisco data packets sent at 3 minute intervals and then trades a new Ethernet interface, getting the PC - which the hackers switched in place of the hotel phone - into the network running the VoIP,” according to the blog post.

More details on their attack, along with some blogger comments can be found here.

Our comments: While VoIP can be solved, the first step in finding the solution is finding the problem. Our hats off to those who help others by identifying potential VoIP security weaknesses so the problems can be proactively addressed.

Editor's note: Starting the week of  Nov. 12, you will notice a number of enhancements to Network World newsletters that will provide you with more resources and more news links relevant to the newsletter's subject. The Convergence & VoIP Newsletter, written by analysts Steve Taylor and Larry Hettick, will be merged with the VoIP News Alert and will be newly named the Convergence & VoIP Alert. You'll get Steve and Larry's analysis of the convergence and VoIP market, which you will be able to read in full at NetworkWorld.com, plus links to the day's convergence news and other relevant resources. This Alert will be mailed on Mondays and Wednesdays. We hope you will enjoy the enhancements and we thank you for reading Network World newsletters.

Learn more about this topic

 
Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Now read: Getting grounded in IoT