Vonage Users Vulnerable to Exploits

According to a report released today by VoIP security firm Sipera Systems, Internet phone service company Vonage may be vulnerable to attacks by hackers through a variety of different means including eavesdropping, spam, spoofing and denial-of-service (DoS) attacks. The security company stated that it had informed Vonage of the problem more than a month ago, but that the company had not responded to the warning. Vonage spokesman Charles Sahner declined comment.

The Sipera VIPER Lab determined the Vonage VoIP Motorola Phone Adapter (VT 2142-VD) and Vonage service implementations leave users vulnerable to a form of VoIP identity theft, allowing hackers to take over a user's phone service with a "registration replay attack" and then make and receive calls while impersonating the victim. Incomplete security practices, such as not encrypting traffic, open Vonage users to eavesdropping on private voice and video communications. Hackers can also send multiple SIP INVITE messages to a user, an Internet version of "ringing the phone off the hook" which creates a DoS attack. Leveraging these vulnerabilities, remote attackers can also send malicious messages directly to Vonage users, subjecting them to spam, social engineering and VoIP scams.

News source: Reuters
View: Sipera Press Release on TechWeb
View: Sipera VIPER Labs

Report a problem with article
Previous Story

Microsoft Clinches Facebook Deal

Next Story

Dell Pledges to Restore x64 Drivers

5 Comments

Commenting is disabled on this article.

Dear.......,

Thank you for contacting Customer Care.

I understand you are concerned about the security of Vonage Internet traffic over the Internet.

Vonage employs best of breed security measures. A Vonage customer's account and phone numbers are protected by a unique security key that is used to authenticate phone calls from the customer's account. Therefore, your identity and profile information is secure.

Similar to traditional phone calls, Vonages voice packets are not encrypted. However, due to the nature of how data packets are sent over the Internet, it is very difficult to reassemble such packets and listen to an actual conversation.

If you have any questions, your Vonage team is available to assist you from 8 a.m. to midnight, 7 days a week. Contact us whenever and however it suits you!

- On-Line Help Centre at http://www.vonage.co.uk/help.php
- Contact Us at http://www.vonage.co.uk/help_contactus.php
- Or call us free by dialling 150 from your Vonage line or FreePhone 0800 008 6000

Thanks again for choosing Vonage, a better phone service for less!

Sincerely,

Vonage Customer Care

I have sent an email to Vonage asking what they intend to do about this issue. Will post back here details, if any, of emails received.

You're right, they just can't get a break. Verizon totally screwed them over. Or maybe it was the legal system that did. Anyways, I can see them getting bought by some of the other companies out there soon.

Don't be surprised the Telcos are behind this scam to further squash vonage. They will use all kinds of tactics. just like the RIAA uses hackers to do theirs. SHAme!