Vonage VoIP phone adapter vulnerable to server impersonation
Overview
The Vonage service used for phone conversations is vulnerable to an attacker sending SIP INVITE messages directly to Vonage customers.

Impact
Vonage customers can receive phone calls directly from an attacker. This exposes the Vonage customer to spam, social engineering, and scams.

Description
Vonage phone service is a popular commercial voice over IP telephone service. It uses the IETF Session Initiation Protocol (SIP) to initiate voice conversations between two users. When the Vonage customer receives a phone call, the SIP message provides information about the person calling. However, the Vonage Motorola phone adapter does not authenticate the INVITE received from the server. Consequently, an attacker or spammer can send a SIP message directly to a Vonage customer, with the source IP address spoofed to be the server's IP address, leaving Vonage customers vulnerable to a variety of unsuspected attacks.

Solution
The client should authenticate SIP requests received from the server IP address.

For more information on any of these threat advisories, please email Sipera VIPER Lab at viper@sipera.com.
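One way the adapter could implement the check described in the Solution, shown as an added example that is not Vonage's, Motorola's or Sipera's code: the adapter answers an INVITE with a SIP digest challenge (RFC 3261, using HTTP Digest per RFC 2617) and accepts the call only when the response verifies, never because of the source IP address. The realm, user name, shared secret, nonce handling and sample messages are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

# Assumed values for illustration; none of them come from the advisory.
REALM, USER, SECRET = "adapter.example", "proxy", "constructed-shared-secret"

def md5_hex(text):
    # SIP digest authentication (RFC 3261 / RFC 2617) is defined over MD5.
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(method, uri, nonce):
    """RFC 2617 digest without qop: MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{USER}:{REALM}:{SECRET}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def parse_authorization(message):
    """Return the Digest parameters of the Authorization header, or None."""
    match = re.search(r"^Authorization:\s*Digest\s+(.*)$", message, re.I | re.M)
    if not match:
        return None
    return dict(re.findall(r'(\w+)="([^"]*)"', match.group(1)))

def check_invite(message, issued_nonce):
    """Decide what the adapter does with an incoming INVITE.

    The source IP address is deliberately not an input: it can be spoofed.
    """
    method, uri = message.split("\r\n", 1)[0].split(" ")[:2]
    params = parse_authorization(message)
    if params is None:
        return "401 challenge"      # no credentials: reply with WWW-Authenticate
    if params.get("nonce") != issued_nonce or params.get("uri") != uri:
        return "401 challenge"      # unknown or stale nonce, or URI mismatch
    expected = digest_response(method, uri, issued_nonce)
    if hmac.compare_digest(expected.encode(), params.get("response", "").encode()):
        return "accept"
    return "403 reject"

def build_invite(uri, authorization=None):
    """Constructed sample INVITE, trimmed to the headers the check reads."""
    lines = [f"INVITE {uri} SIP/2.0", "From: <sip:caller@example.invalid>;tag=1"]
    if authorization:
        lines.append(f"Authorization: Digest {authorization}")
    return "\r\n".join(lines) + "\r\n\r\n"
```

An INVITE that arrives without credentials is challenged regardless of the address it appears to come from, so a spoofed server IP address alone no longer makes the phone ring.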