
Sipera VIPER Lab Identifies Aastra, Polycom and Snom VoIP Phone Vulnerabilities

Vulnerabilities Expose Users to DoS, Unwanted Reboots, Uninitiated Toll Calls, and Allow Access to Private Call Records

Richardson, TX, May 15, 2007 – Sipera VIPER™ Lab, operated by Sipera™ Systems, the leader in pure security for VoIP, mobile and multimedia communications, today disclosed six threat advisories, and potential solutions, for SIP-based VoIP phones from Aastra®, Polycom® and Snom.  These threat advisories are in addition to the WiFi/dual-mode phone and general SIP vulnerabilities published earlier this spring by Sipera VIPER Lab.

The major threat advisories that affect these SIP phones include:

  • An improper error handling vulnerability in Aastra 9112i SIP phones, which may allow remote attackers to cause denial of service.
  • A format string vulnerability in Aastra 9112i SIP phones, which may allow remote attackers to cause denial of service.
  • A buffer overflow vulnerability in Polycom SoundPoint® IP 601 SIP phones, which may allow remote attackers to cause denial of service.
  • A vulnerability in HTTP service of Polycom SoundPoint IP 601 SIP phones, which may allow attackers to remotely reboot the phone.
  • An information leak vulnerability in Snom-320 SIP phones, which may allow remote access to users’ private call records.
  • A weak authentication vulnerability in Snom-320 SIP phones, which may allow a remote attacker to misuse the phone, causing multiple enterprise phones to ring simultaneously, or initiating costly toll calls on behalf of unsuspecting users.

“Unlike PCs and laptops, IP handsets act as servers on the network since they need to answer calls.  With multiple open ports and services running on thousands of these IP handsets in the enterprise, they can be easily exploited by hackers and malicious users,” said Krishna Kurapati, Sipera founder/CTO and head of Sipera VIPER Lab.  “As an example, one vulnerability exposed today could open an executive’s private call records, which would be particularly problematic for these organizations.  Sipera works with its customers and vendors to identify and address these vulnerabilities before they become a major issue.”

Sipera VIPER Lab proactively identifies VoIP/unified communication threats, and is comprised of experienced VoIP security researchers operating 24/7/365 from Richardson, Texas, and Hyderabad, India.  Every day, the dedicated VIPER Lab researchers identify new vulnerabilities and potential exploits in VoIP protocols, infrastructure and devices. Vulnerabilities are posted at http://www.sipera.com/viper as an educational service to Sipera’s customers and the general public.

Since its inception in 2003, Sipera VIPER Lab has identified thousands of potential security threats and vulnerabilities. The most common network threats include fuzzing, reconnaissance, floods and distributed floods, while end users are most often targeted for misuse/spoofing, stealth attacks and spam.  VIPER Lab research is used to continuously improve the Sipera IPCS product line that enables, controls and protects real-time unified communications for enterprises and service providers.

About Sipera Systems
Sipera Systems provides enterprises and service providers with comprehensive VoIP security solutions that protect, control and manage real-time unified communications. The Sipera IPCS™ products combine VPN, Firewall/SBC, Intrusion Prevention, Anti-Spam, Compliance and Troubleshooting functionality for VoIP systems in a single device. This securely enables IP PBXs, VoIP remote users, SIP trunks, data/voice VLANs, hosted VoIP services and IMS or UMA-based networks. Comprised of top vulnerability research experts, the Sipera VIPER™ Lab concentrates its efforts towards identifying VoIP vulnerabilities, while Sipera LAVA™ tools verify networks’ readiness to resist attacks.  Founded in 2003, and backed by Sequoia Capital, Austin Ventures and Star Ventures, Sipera is headquartered in Richardson, TX. Visit http://www.sipera.com.

Sipera, Sipera logo, Sipera IPCS, Sipera IPCS 210, Sipera IPCS 310, Sipera IPCS 410, Sipera IPCS 510, Sipera IPCS 520, Sipera LAVA and Sipera VIPER are trademarks of Sipera Systems, Inc. All other companies and products listed herein are trademarks or registered trademarks of their respective holders.

Media Contacts:

Larry Bouchie, KMC Partners Public Relations, 617-758-4192, larry@kmcpartners.com

Brendan Ziolo, Sipera Systems, 214-606-1080, bziolo@sipera.com
