Sipera VIPER Lab determined the VonageVoip Motorola Phone Adapter (VT 2142-VD) and Vonage service implementations leave users vulnerable to a form of Voip identity theft, allowing hackers to take over a user’s phone service with a “registration replay attack,” then make and receive calls while impersonating the victim. Incomplete security practices, such as not encrypting traffic, open Vonage users to eavesdropping on private voice and video communications. Hackers can also send multiple SIP INVITE messages to a user, an Internet version of “ringing the phone off the hook” which creates a DoS attack. Leveraging these vulnerabilities, remote attackers can also send malicious messages directly to Vonage users, subjecting them to spam, social engineering and Voip scams.
“These vulnerabilities create serious privacy and service availability issues for users,” said Krishna Kurapati, Sipera founder/CTO and head of Sipera VIPER Lab. “Vonage, Globe7 and Grandstream customers can no longer assume that their Voip providers are automatically securing their services, but they should demand best security practices be followed as a condition of becoming a customer. Sipera VIPER Lab will continue to proactively identify Voip threats and assist Voip providers to implement best security practices before attacks occur.”
Being a user of Motorola VT-2142, this report concerns me greatly. Does anyone else know anything about this. Vonage is reported to know about this, but hasn't responded as reported by Reuters.
_________________ Thomas Beem Las Vegas, NV ISP: Cox Communications 12 Mbps down/1.5 Mbps up Cable Modem: Scientific Atlanta Webstar DPC2100 Voip Device: VDV21-VD Setup: Modem --> Hawking HBB1 --> Vonage --> PC Customer Since: Oct. 9, 2006
According to the post at dslreports Vonage is not the only Voip provider that has this problem. They also suggest that encrypting Voip calls would solve the problem.
Almost any Voip service is vulnerable here. Of course, POTS is vulnerable too. The "Denial of Service" attack is equivalent to someone continually dialing our POTS phone number (or accidentally putting you in an auto-redial FAX, which I have had happen to me), which then results in you taking the phone off the hook and throwing it in a closet.
For the wiretap case - there's nothing in Voip that can't be done with some pretty simple equipment connected to the POTS network interface on the outside of your house.
Unless you are in the "security business", which these guys happen to be in, this comes out as a "so what"?
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
All times are GMT - 5 Hours
Vonage Service Plans
Vonage VoIP Members
Members New behm27 New Today 2 Yesterday 3 Total 64296 Who Is On Site Visitors 159 Members 0 Total 159
1Unlimited calling and other services for all residential plans are based on normal residential, personal, non-commercial use. A combination of factors is used to determine abnormal use, including but not limited to: the number of unique numbers called, calls forwarded, minutes used and other factors. Subject to our Reasonable Use Policy and Terms of Service.
2Shipping and activation fees waived with 1-year agreement. An Early Termination Fee (with periodic pro-rated reductions) applies if service is terminated before the end of the first 12 months. Additional restrictions may apply. See Terms of Service for details.
HIGH SPEED INTERNET REQUIRED. †VALID FOR NEW LINES ONLY. RATES EXCLUDE INTERNET SERVICE, SURCHARGES, FEES AND TAXES. DEVICE MAY BE REFURBISHED. If you subscribe to plans with monthly minutes allotments (for example, U.S. & Canada 300), all call minutes placed from both from your home and registered ExtensionsTM phones will count toward your monthly minutes allotment. ExtensionsTM calls made from mobiles use airtime and may incur surcharges, depending on your mobile plan. Alarms, TTY and other systems may not be compatible. Vonage 911 service operates differently than traditional 911. See www.vonage.com/911 for details.
Thinking of signing up for Vonage but have questions? Business and Residential customers can call Toll Free 24 hours a day at: 1-888-692-8074 No Vonage Promotional Codes or Coupon Codes are required at www.vonage.com.
The Vonage Forum provides the Vonage sign up Best Offer Promotion Deal as a means to offset
our cost. If you are considering signing up for Vonage and have found our Vonage
News, Customer Reviews, Forums & all other parts of this site useful, please
use our Vonage FREE Month sign up offer Deal Coupon.
Vonage VoIP Phone Service is redefining communications by offering consumers & small business VoIP Internet phones, an affordable alternative to traditional phone service.
The Vonage VoIP Forum Generated This Page In: 0.40 Seconds and 208 Pages In The Last 60 Seconds The Vonage VoIP Forum
Members
New 
New Today 2
Yesterday 3
Total 64296
Who Is On Site
Visitors 159
Members 0
Total 159
-0.03