VoIP protection Vulnerabilities Revealed

April 03rd, 2008 | Category: Technology News

More than 100 vulnerabilities exist in voice-over-IP (VoIP) hardware from vendors including Avaya, Cisco and Nortel, according to research from VoIPshield Laboratories. These vulnerabilities could be exploited by attackers to spy on companies by recording calls or even extort money from providers by threatening service outages, the company says. But VoIP product vendors say that the instant danger is minimal.

Researchers at VoIPshield Laboratories, the research division of VoIPshield Systems, which provides protection products for VoIP setups, have notified affected vendors and offered to help determine remediation measures, according to the company. The three VoIP vendors were chosen “because of their popularity in the North America market,” according to the company, but other vendors, including VoIP newcomer Microsoft, will likely come under scrutiny as well.

The vulnerabilities are presented on the company’s Web site and are “categorized based on the exploit’s most likely intent: unauthorized access, cipher execution, denial of service or data harvesting.” Searches by

vendor are possible, and severity ratings and vendor responses and actions are additionally noted.

The research located 27 separate vulnerabilities in Cisco devices, most from its Unified Communications Manager line. A dozen vulnerabilities were identified in Avaya’s Communications Manager products, and five in several Nortel devices.

No Actionable info

Kevin Flynn, senior marketing manager at Cisco for Secure Unified Communications, told us that the company was aware of the issues mentioned by VoIPshield and has been in contact with its researchers for several weeks. “It is not strange for researchers to bring possible vulnerabilities to Cisco’s attention. We work with the outside party to identify the precise cause of the vulnerability. We thereupon release a software patch or other mitigation techniques to our customers,” he said.

Despite the severity rankings about the vulnerabilities, Flynn said “there is a range of seriousness to the vulnerabilities mentioned…

Orginal post by Top Tech News

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Netvouz
  • DZone
  • ThisNext
  • MisterWong
  • Wists

Related Articles
  • Forget iPhone: iPod Touch Supports VoIP Calls
  • Tatung VoIP Concept
  • Microsoft Patches 20 Vulnerabilities and Debuts Index
  • Jajah developing iPhone VoIP app for Summer release
  • Patch Tuesday Addresses Client-Side Vulnerabilities

    • No comments yet. Be the first.

    Leave a reply