Hackers Use Phone Call Attacks against Vonage Telephone’s
While leading VoIP Company, Vonage, tries to protect itself against AT&T's patent lawsuits, it is also at new risk of hackers.
VoIP security company, Sipera Systems, said in the fourth week of October 2007 that those who used VoIP equipment and services from Vonage, Grandstream and Globe7 could experience attacks of spam, spoofing, eavesdropping and DoS (Denial of Service).
Among several serious warnings, one is linked with the Motorola phone adapter that makes a connection between the telephone and the service of Vonage. The adapter, which is capable of authenticating the incoming SIP or Session Initiation Protocol call requests, leads one to think that miscreants could simply make a phone call to launch an attack, according to Sipera.
A Vonage subscriber, who answers a phone call, gets information about the caller via the SIP message, Sipera posted in its advisory. But here, the Motorola phone adapter connected to Vonage fails to verify the INVITE that the server sends. In such a situation, a spammer or an attacker can shoot a SIP message straight to a Vonage user, from a spoof IP address that pretends to be from the server, the advisory warned.
Besides the above kind of threats to subscribers of Vonage, Sipera VIPER Lab also discovered that Globe7's Internet account have potential vulnerabilities that occur from an insecure connectivity and/or a poor encryption system. In the absence of appropriate security, hackers may infiltrate a system and reach confidential information as an extra to the theft of VoIP service.
In another alert of high severity, Sipera cautions users about a possible tapping of Vonage calls by attackers. Researchers pointed that Vonage traffic often arrives on the Internet with the help of small unencrypted RTP parcels, which a third party could seize and rebuild.
According to Sipera Founder and CTO, Krishna Kurapati, these flaws create serious problems of service availability and privacy for users. InformationWeek published this on October 25, 2007. While customers of Vonage, Grandstream and Globe7 may not be sure that VoIP services are secured by default, they have a right to demand the best security prior to subscribing to the VoIP providers' services.
Related article: Hackers Redirect Windows Live Search to Malicious Sites
» SPAMfighter News - 12-11-2007