VoIP security notices show security remains a multi-vendor issue

Threats to VoIP users include eavesdropping, spam, spoofing and denial-of-service attacks

VoIP, unified messaging, products and services

Two VoIP services and equipment alerts were issued late last month. The first advisory, issued to residential and SMB VoIP users was sent by the Sipera VIPER Lab, operated by Sipera Systems. The lab disclosed multiple threat advisories for VoIP services and equipment users from Vonage, Globe7 and Grandstream. Among other threats, VoIP users can be subjected to eavesdropping, spam, spoofing and denial-of-service attacks, according to a statement issued by the lab. Full details on these vulnerabilities are posted as an educational security service to Sipera’s customers and the general public.

Based on the company’s test results, the “Vonage VoIP Motorola Phone Adapter (VT 2142-VD) and Vonage service implementations leave users vulnerable to a form of VoIP identity theft, allowing hackers to take over a user’s phone service with a ‘registration replay attack,’ then make and receive calls while impersonating the victim.” Since Vonage users calls aren't encrypted, the lab also found that users are subject to eavesdropping on private voice and that “hackers can also send multiple SIP INVITE messages to a user, an Internet version of ‘ringing the phone off the hook’ which creates a denial-of-service attack,” according to the lab’s test results.

The lab’s test also showed that Globe7 (a European provider) had deployed a weak encryption scheme that allowed hackers to attack a user’s online account access, providing an opening for “hackers to access confidential name, password and account balance data, as well as steal VoIP service to make and receive calls, masked as a legitimate Globe7 user.”

The Sipera VIPER Lab also found that “the Grandstream HandyTone-488 PSTN-to-VoIP adapter is vulnerable to buffer overflows and fragmented packet attacks. By sending a specially crafted SIP INVITE message to public IP addresses, attackers can disconnect legitimate Grandstream users,” according to the report.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Two VoIP services and equipment alerts were issued late last month. The first advisory, issued to residential and SMB VoIP users was sent by the Sipera VIPER Lab, operated by Sipera Systems. The lab disclosed multiple threat advisories for VoIP services and equipment users from Vonage, Globe7 and Grandstream. Among other threats, VoIP users can be subjected to eavesdropping, spam, spoofing and denial-of-service attacks, according to a statement issued by the lab. Full details on these vulnerabilities are posted as an educational security service to Sipera’s customers and the general public.

Based on the company’s test results, the “Vonage VoIP Motorola Phone Adapter (VT 2142-VD) and Vonage service implementations leave users vulnerable to a form of VoIP identity theft, allowing hackers to take over a user’s phone service with a ‘registration replay attack,’ then make and receive calls while impersonating the victim.” Since Vonage users calls aren't encrypted, the lab also found that users are subject to eavesdropping on private voice and that “hackers can also send multiple SIP INVITE messages to a user, an Internet version of ‘ringing the phone off the hook’ which creates a denial-of-service attack,” according to the lab’s test results.

The lab’s test also showed that Globe7 (a European provider) had deployed a weak encryption scheme that allowed hackers to attack a user’s online account access, providing an opening for “hackers to access confidential name, password and account balance data, as well as steal VoIP service to make and receive calls, masked as a legitimate Globe7 user.”

The Sipera VIPER Lab also found that “the Grandstream HandyTone-488 PSTN-to-VoIP adapter is vulnerable to buffer overflows and fragmented packet attacks. By sending a specially crafted SIP INVITE message to public IP addresses, attackers can disconnect legitimate Grandstream users,” according to the report.

Additional details can be found here and are available for free as a public service offered by the Sipera.

The second security threat disclosed last month was posted after two hackers gained access into a hotel’s corporate network using a Cisco VoIP phone. The two hackers, who were attending the ToorCon9 in San Diego, said they were able to access the hotel's financial and corporate network and recorded other phone calls, according to a blog on Wired.com. They used penetration tests “propounded by a tool called VoIP Hopper, which mimics the Cisco data packets sent at 3 minute intervals and then trades a new Ethernet interface, getting the PC - which the hackers switched in place of the hotel phone - into the network running the VoIP,” according to the blog post.

More details on their attack, along with some blogger comments can be found here.

Our comments: While VoIP can be solved, the first step in finding the solution is finding the problem. Our hats off to those who help others by identifying potential VoIP security weaknesses so the problems can be proactively addressed.

Steve Taylor is president of Distributed Networking Associates and publisher/editor-in-chief of Webtorials. Larry Hettick is a principal analyst at Current Analysis.