|
From Monsters and Critics.com Tech News Sipera Systems recently disclosed a few vulnerabilities in Vonage, Globe7, and Grandstream VoIP equipment. While this is serious, the news release and research is being questioned, not for lack of facts but because the company who released these warnings sells equipment designed to protect VoIP customers from these forms of attacks. Sipera VIPER Lab determined the Vonage VoIP Motorola Phone Adapter (VT 2142-VD) and Vonage service implementations leave users vulnerable to different attacks; likewise, these same attacks exist on the other provider’s network and equipment. Taking Vonage as a single example, there were four disclosures from Sipera yesterday. The first deals with Spoofing warning that the Vonage Motorola phone adapter is vulnerable to an attacker sending SIP INVITE messages directly to Vonage customers. Vonage uses IETF Session Initiation Protocol (IETF SIP) to initiate voice conversations between two users. When the Vonage customer receives a phone call, the SIP message provides information about the person calling. However, Sipera warns, the Vonage Motorola phone adapter does not authenticate the INVITE received from the server. “…an attacker or spammer can send a SIP message directly to a Vonage customer, with from IP address spoofed to be the server’s IP address leaving Vonage customers vulnerable to a variety of unsuspected attacks.” Another Vonage warning explains that conversations and video may be overheard, “Vonage uses RTP protocol to transport packetized voice conversation over IP network. However, this RTP is not encrypted leaving it vulnerable to reconstruction after capturing from the network. This compromises confidentiality of the communication. Additionally, availability of several free tools to reconstruct media from captured RTP packets further increases the threat.” The final two vulnerabilities deal with denial of service and authentication issues. “In order to keep the Vonage service uninterrupted, the Vonage phone adapter sends a SIP REGISTER message every twenty seconds to the Vonage server,” the disclosure says. However, because the server challenges only the initial REGISTER message subsequent registrations are accepted without authentication. This can be exploited by an attacker who can replay a Vonage subscriber’s REGISTER message with spoofed IP address and send it to the server. “Additionally, it is possible to change contents of the replayed REGISTER message before sending it to the server,” Sipera adds. Each of the disclosures explains what is wrong and exactly what needs to happen in order to correct these issues. The problem is that Sipera sells equipment that detects and corrects exactly these types of issues. Not a good start to a security research and disclosure blog and service they call Sipera Viper. On a corporate level, these issues are resolved before VoIP is deployed into the infrastructure, simply because the network administrator will know ahead of time to research and properly manage VoIP. However, this is not always the case, so that not only makes the service from Sipera valuable it makes their research critical. On a personal level, the home user might not be aware of these issues, which makes this type of security the responsibility of the provider or vendor. Vonage has not responded to Sipera, or Reuters when asked for comment. Sipera warned Vonage last month about the issues and since then no patches or firmware upgrades have been released. Is this a case of product pimping? Sipera is relatively new to the security world; founded in 2003 Sipera Viper has located several “thousand” flaws in VoIP each addressed in their own line of security appliances. (Sipera IPCS, Sipera IPCS 210, Sipera IPCS 310, Sipera IPCS 410, Sipera IPCS 510, Sipera IPCS 520, Sipera LAVA and Sipera VIPER) If there is no marketing involved, and Sipera simply wants to raise awareness then one has to wonder why the companies named have not responded. © Copyright 2007 by monstersandcritics.com. This notice cannot be removed without permission. |