Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

12/12/2007
01:37 AM
50%
50%

Sipera Reveals Top Five VOIP Vulnerabilities

Remote eavesdropping and VOIP hopping, vishing, skype worm, and toll fraud threaten users, enterprises, and service providers

RICHARDSON, Texas -- Sipera VIPER™ Lab, operated by Sipera Systems, the leader in comprehensive VoIP/UC security solutions, today revealed the Top 5 VoIP Vulnerabilities in 2007. In assembling this list, the Sipera VIPER team reviewed 2007 vendor and media reports of known vulnerabilities and estimated the impact and potential of each major threat.

Sipera VIPER Lab determined the Top 5 VoIP Vulnerabilities for 2007 were:

  1. Remote eavesdropping of VoIP phone calls, a practice that is exponentially easier in VoIP than with traditional PSTN telephone networks, and which represents a major breach of enterprise communications and security.

  2. VoIP Hopping, one of the enablers of remote eavesdropping, but more critically compromises VLANs, that were previously trusted as providing VoIP security, by enabling a PC to mimic an IP phone so hackers can access VoIP systems.

  3. Vishing, the practice of VoIP phishing, which enables hackers to spoof caller ID and present a fraudulent phone identity, causing some consumers to share sensitive, personal information, such as credit card numbers, with hackers masquerading as banking representatives.

  4. Toll fraud, which allows unauthorized users to access enterprise VoIP networks and make calls, increasing VoIP costs and traffic. While there was a much publicized case in 2006, when the FBI charged two men with accessing VoIP networks and reselling minutes to unsuspecting “customers,” toll fraud continues unabated, especially on VoIP networks with little authentication or call analysis.

  5. The Skype worm, originally known as the w32/Ramex.A virus, spread via IM, which automatically stops access to security tools while it downloads to infected PCs, and changes the Skype user's status to "Do not disturb" so that other users cannot contact the infected user.

    “While VoIP and Unified Communication adoption continues to grow, there is unfortunately no corresponding level of VoIP security to comprehensively protect VoIP networks, phones, users and enterprise data. VoIP and cell phone spam only represent the tip of the iceberg for security vulnerabilities, so it’s important to expose these larger threats that emerged and escalated in 2007,” said Krishna Kurapati, Sipera founder/CTO and head of Sipera VIPER Lab. “By highlighting the Top 5 Vulnerabilities, issuing VIPER Lab Threat Advisories, and providing the Sipera IPCS product line, Sipera is helping enterprises and service providers secure their VoIP systems.”

    Sipera Systems

    Comment  | 
    Print  | 
    More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
A Startup With NSA Roots Wants Silently Disarming Cyberattacks on the Wire to Become the Norm
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/11/2021
Edge-DRsplash-10-edge-articles
Cybersecurity: What Is Truly Essential?
Joshua Goldfarb, Director of Product Management at F5,  5/12/2021
Commentary
3 Cybersecurity Myths to Bust
Etay Maor, Sr. Director Security Strategy at Cato Networks,  5/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-18178
PUBLISHED: 2021-05-18
Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files via a crafted POST request to the component "/hcms/admin/index.php/language/ajax."
CVE-2020-20214
PUBLISHED: 2021-05-18
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
CVE-2020-20222
PUBLISHED: 2021-05-18
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
CVE-2020-20236
PUBLISHED: 2021-05-18
Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
CVE-2020-20237
PUBLISHED: 2021-05-18
Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.