By Sharla Sikes

Man, it has been a rough year for Vonage. It’s faced lawsuits from half the major telecom players and stock price woes … now a security breach may frighten more customers away.

Security firm Sipera says it informed Vonage of security risks that leave customers vulnerable to eavesdropping, spam, spoofing and denial-of-service attacks.  The Vonage VoIP Motorola Phone Adapter, equipment from Globe7 and Grandstream as well as Vonage’s service implementations put users at risk to a type of VoIP identity theft. Hackers can take over a phone service to make and receive calls, which opens up possibilities of spam, social engineering and VoIP scams.

The vulnerability comes from incomplete security practices including not encrypting traffic.

“These vulnerabilities create serious privacy and service availability issues for users,” said Krishna Kurapati, Sipera founder/CTO and head of Sipera VIPER Lab. “Vonage, Globe7 and Grandstream customers can no longer assume that their VoIP providers are automatically securing their services, but they should demand best security practices be followed as a condition of becoming a customer. Sipera VIPER Lab will continue to proactively identify VoIP threats and assist VoIP providers to implement best security practices before attacks occur.”

Globe7’s online account access provides a security risk for its users, due to unsecured connections and a weak encryption scheme.

Buffer overflows and other attacks can overcome the Grandstream HandyTone-488 PSTN-to-VoIP adapter.  

Meanwhile, the debate rages: Is Sipera just trying to sell its security systems to Vonage by raising a false alarm?

 Or is Vonage trying to save face by not acknowledging the problems exist? 

Related Content

Subscribe to the post comments feeds or Leave a trackback