[b]How secure i am as a vonage customer??[/b]

Posts: 2 · New Forum Member Joined: Apr 30, 2008 Posts: 2

I have been a VONAGE customer about 8 months and for some security reasons I started to doubt about my VoIP service. I have read couple of webbsite about how secure VONAGE is. and all of them showed that VONAGE isn't safe at all. Here is a quote from one of the webpages--
"Unsuspecting Vonage users might find themselves vulnerable to account hijacking, eavesdropping and denial-of-service (DoS) attacks, Sipera System's VIPER lab said last week.
"These attacks actually do happen out in the wild," said Eric Winsborrow, Sipera's chief marketing officer. He said many of these exploits were straightforward and preventable if proper security protocols were followed.

Possibly the most serious of the vulnerabilities was the ability of an attacker to forge a user's identity and take over his session -- a registration replay attack.

"Vonage doesn't do a lot of authentication or a lot of re-authentication," Winsborrow said. "Simply knowing the user's number and that they're online allows Vonage hijacking."

Most of the vulnerabilities are probably not limited to Vonage, but Sipera said it released the information a month after initially trying to get a response from Vonage on the vulnerabilities.

Charlie Sahner, a spokesperson for Vonage, said that Sipera is in the business of providing "VoIP solutions" and that Vonage declined to be a customer of Sipera's products.

"VoIP systems like Vonage are actually more secure than landlines," he said.

Citing legal counsel, Vonage declined to comment further on the security allegations.

Nevertheless, Sipera labs said customers deserve the right to be educated about their security and privacy.

"Security devices are available to prevent all these," said Sachin Joglekar, vulnerability research lead at VIPER lab. Particularly disturbing, he said, was that the DoS attack required fewer than 10 connections per second to bring down an account."

Here are some security risks that has been found in VONAGE---
"Vonage VoIP phone adapter vulnerable to server impersonation [more] Spoofing 2007.10.24 High Vonage Motorola Phone Adapter (VT 2142-VD)
Vonage SIP servers vulnerable to registration replay attack [more] Weak Authentication 2007.10.24 Medium Protocol implementation in Vonage service
Vonage voice conversation may be vulnerable to eavesdropping [more] Eavesdropping 2007.10.24 High Vonage Motorola Phone Adapter (VT 2142-VD)
Vonage VoIP phone adapter vulnerable to flood Denial of Service attack [more] Hard Phone Denial of Service 2007.10.24 Medium Vonage Motorola Phone Adapter (VT 2142-VD)"
I am using this Phone adapter VT 2142-VD and after reading these articles I called Vonage and told them about everything and They keep telling me that THIS DEVICE IS SECURE. Then I did some research over online about this device and found that this device has serious security flaws. Now my question is that--- " After reading all these facts and articles about this vonage device and knowing that VONAGE isn't secure at all; should I continue using VONAGE? I am using NORTON 360 as my Internet security and using COMODO firewall and Norton firewall as my firewall program. After using there firewalls and internet security; Do you guys think that I should change my VONAGE device or should I completely switch out of VONAGE? Someone please reply about this Important issue. Thanks all in advance.

Posts: 1176 · Vonage Forum **MVM** Joined: Nov 08, 2006 Posts: 1176

First of all you need more than the person's number to get access to their account.

Has your account been hacked yet? Do you know of anyone being hacked?

I say Vonage is secure, then again I am not using any of those devices.

Posts: 174 · Vonage Forum Master Joined: Dec 06, 2006 Posts: 174

From the Sipera Systems website, "Sipera provides comprehensive VoIP security solutions to protect, control and enable real-time, unified communications."

To draw a quote from your post, "Charlie Sahner, a spokesperson for Vonage, said that Sipera is in the business of providing "VoIP solutions" and that Vonage declined to be a customer of Sipera's products."

Obviously Sipera Systems has a dog in this fight so anything that issues from them must be taken with a grain of salt. Rest assured that if Vonage went outside of their in-house security methods and procedures and retained the services of Sipera Systems, Sipera Systems' spokes folks would do a 360 degree turn around in their assessment of Vonage's security - all this without doing a thing.

It sounds like an attack campaign by Sipera Systems attempting to coerce Vonage into retaining its services.

I would rest assured that your connection is secure.

P.S. Don't be misled by Viper labs' or any of their spokes folks' assessment of the devices used by Vonage. After all, they are not independent sources but are owned by Sipera Systems. Just a single voice speaking through many mouths.

Posts: 12 · Vonage Forum Associate Joined: Feb 04, 2005 Posts: 12

VOIP is definitely more secure than landlines.

Posts: 13 · Vonage Forum Associate Joined: Dec 04, 2007 Posts: 13

Um, not for nothing, but if you are using a wireless phone, that, alone and by far, is your weakest security link. Especially if it's of the 2.4 Ghertz variety.

I can easily, quickly & with a very high degree of repeatability, listen into my neighbor's phone conversations using a 8 year old baby monitor.

Posts: 240 · Vonage Forum Master Joined: Mar 17, 2006 Posts: 240

fn_tool wrote:

I can easily, quickly & with a very high degree of repeatability, listen into my neighbor's phone conversations using a 8 year old baby monitor.

Only because your neighbor has an old analog cordless phone. Current phones (my 2.4 GHz is 4 or 5 years old) use spread-spectrum digital transmissions and can'tbe picked up by a baby monitor.

Posts: 13 · Vonage Forum Associate Joined: Dec 04, 2007 Posts: 13

To: pdhenry - you are very correct, but I still think that the weakest security link in using a VoIP service is the headsets at either end.

And after re-reading skboss' entry again, I can't take a person who runs multiple firewall solutions simultaneously very seriously.

That, of course, is only my very humble opinion.

Posts: 240 · Vonage Forum Master Joined: Mar 17, 2006 Posts: 240

I'm always very skeptical of a first-time poster who begins touting a specific product or supplier on any forum.

Posts: 2 · New Forum Member Joined: Apr 30, 2008 Posts: 2

I think that you should consider about what you are saying before calling me a TOUT and mentioning my post as a "touting post on a specific product or supplier on any forum." Hmmm Now my question is--- Was that something that u did on your first post? If you did then you shouldn't judge all person based on your category.

Posts: 240 · Vonage Forum Master Joined: Mar 17, 2006 Posts: 240

skboss wrote:

Now my question is--- Was that something that u did on your first post?

Nope.