Security Company Announces Four Vonage Vulnerabilities - Open Networks Today

« INTEROP: NAC Frustration is Mounting | Main | Device Driver Updates Deactivate Vista »

October 24, 2007

Security Company Announces Four Vonage Vulnerabilities

Sipera says it has found a number of vulnerabilities in pieces of Vonage’s VoIP implementation:

“Sipera VIPER Lab determined the Vonage VoIP Motorola Phone Adapter (VT 2142-VD) and Vonage service implementations leave users vulnerable to a form of VoIP identity theft, allowing hackers to take over a user’s phone service with a ‘registration replay attack,’ then make and receive calls while impersonating the victim. Incomplete security practices, such as not encrypting traffic, open Vonage users to eavesdropping on private voice and video communications. Hackers can also send multiple SIP INVITE messages to a user, an Internet version of ‘ringing the phone off the hook’ which creates a DoS attack. Leveraging these vulnerabilities, remote attackers can also send malicious messages directly to Vonage users, subjecting them to spam, social engineering and VoIP scams.”

Vonage VoIP phone adapter vulnerable to server impersonation (link)
Vonage SIP servers vulnerable to registration replay attack (link)
Vonage voice conversation may be vulnerable to eavesdropping (link)
Vonage VoIP phone adapter vulnerable to flood Denial of Service attack (link)

(via Reuters, which says Vonage has no comment.)

Tags: security, voip, vonage

E-mail

0 Comments

Digg This

add to del.icio.us

Posted by mhall at 6:50 PM | Add Comment

Leave a comment

NEWSLETTER

Be a Marketplace Partner

RECENT ENTRIES

ARCHIVES

MONTHLY ARCHIVES

August 2008

July 2008

June 2008

May 2008

April 2008

March 2008

February 2008

January 2008

December 2007

November 2007

October 2007

September 2007

August 2007

July 2007

internet.commerce

Partner With Us

BLOGROLL

Search:

Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info

Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers

Whitepapers and eBooks
Microsoft Article: RODCs Transform Branch Office Security Microsoft Article: Security Enhancements Abound in Windows Server 2008 Adobe Acrobat Connect Pro: Web Conferencing and eLearning Whitepapers Avaya Article: Avaya AE Services Provide Rapid Telephony Integration with Facebook Intel Go Parallel Article: Getting Started with TBB on Windows		Intel Go Parallel Article: Intel Threading Tools and OpenMP HP eBook: Storage Networking , Part 1 Avaya Article: Speech Sandbox: Application Simulation in Avaya Dialog Designer MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts
HP Webcast: Disaster Recovery Planning HP Video: StorageWorks EVA4400 and Oracle		HP Webcast: Storage Is Changing Fast - Be Ready or Be Left Behind MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits
30-Day Trial: SPAMfighter Exchange Module Red Gate Download: SQL Toolbelt and free High-Performance SQL Code eBook		Iron Speed Designer Application Generator MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos
Microsoft Article: Silverlight Streaming--Free Video Hosting for All Featured Algorithm: Intel Threading Building Blocks - parallel_reduce		HP Demo: StorageWorks EVA4400 MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES