Unedited news and product information from vendors.
Sipera VIPER Lab Reveals Top 5 VoIP Vulnerabilities in 2007
Dec 12, 2007 (08:12 AM EST)
RICHARDSON, Texas, Dec. 12 /PRNewswire/ -- Sipera VIPER(TM) Lab, operated by Sipera Systems, the leader in comprehensive VoIP/UC security solutions, today revealed the Top 5 VoIP Vulnerabilities in 2007. In assembling this list, the Sipera VIPER team reviewed 2007 vendor and media reports of known vulnerabilities and estimated the impact and potential of each major threat.
Sipera VIPER Lab determined the Top 5 VoIP Vulnerabilities for 2007 were: 1) Remote eavesdropping of VoIP phone calls, a practice that is exponentially easier in VoIP than with traditional PSTN telephone networks, and which represents a major breach of enterprise communications and security. 2) VoIP Hopping, one of the enablers of remote eavesdropping, but more critically compromises VLANs, that were previously trusted as providing VoIP security, by enabling a PC to mimic an IP phone so hackers can access VoIP systems. 3) Vishing, the practice of VoIP phishing, which enables hackers to spoof caller ID and present a fraudulent phone identity, causing some consumers to share sensitive, personal information, such as credit card numbers, with hackers masquerading as banking representatives. 4) Toll fraud, which allows unauthorized users to access enterprise VoIP networks and make calls, increasing VoIP costs and traffic. While there was a much publicized case in 2006, when the FBI charged two men with accessing VoIP networks and reselling minutes to unsuspecting "customers," toll fraud continues unabated, especially on VoIP networks with little authentication or call analysis. 5) The Skype worm, originally known as the w32/Ramex.A virus, spread via IM, which automatically stops access to security tools while it downloads to infected PCs, and changes the Skype user's status to "Do not disturb" so that other users cannot contact the infected user.
"While VoIP and Unified Communication adoption continues to grow, there is unfortunately no corresponding level of VoIP security to comprehensively protect VoIP networks, phones, users and enterprise data. VoIP and cell phone spam only represent the tip of the iceberg for security vulnerabilities, so it's important to expose these larger threats that emerged and escalated in 2007," said Krishna Kurapati, Sipera founder/CTO and head of Sipera VIPER Lab. "By highlighting the Top 5 Vulnerabilities, issuing VIPER Lab Threat Advisories, and providing the Sipera IPCS product line, Sipera is helping enterprises and service providers secure their VoIP systems."
Sipera VIPER Lab is comprised of experienced VoIP security researchers operating globally 24/7/365. Since its inception in 2003, Sipera VIPER Lab has identified thousands of vulnerabilities and security threats which include fuzzing, floods and distributed floods, spoofing, stealth attacks and spam. VIPER Lab research is used to continuously improve the Sipera IPCS products that protect, control and enable real-time unified communications for enterprises and service providers. For Sipera VIPER Lab blog, Threat Advisories and RSS feeds, please visit http://www.sipera.com/viper .
About Sipera Systems
Sipera Systems provides enterprises and service providers with comprehensive VoIP/UC security solutions that protect, control and enable real-time unified communications. The Sipera IPCS(TM) products combine VPN, Firewall/SBC, Intrusion Prevention, Anti-Spam, Compliance and Troubleshooting functionality for VoIP systems in a single device. This securely enables IP PBXs, VoIP remote users, SIP trunks, data/voice VLANs, hosted VoIP services and IMS or UMA-based networks. Comprised of top vulnerability research experts, the Sipera VIPER(TM) Lab concentrates its efforts towards identifying VoIP vulnerabilities, while Sipera LAVA(TM) tools verify networks' readiness to resist attacks. Founded in 2003, and backed by Austin Ventures, DTEC, Sequoia Capital and Star Ventures, Sipera is headquartered in Richardson, TX. Visit http://www.sipera.com .
Sipera, Sipera logo, Sipera IPCS, Sipera IPCS 210, Sipera IPCS 310, Sipera IPCS 410, Sipera IPCS 510, Sipera IPCS 520, Sipera LAVA and Sipera VIPER are trademarks of Sipera Systems, Inc. All other companies and products listed herein are trademarks or registered trademarks of their respective holders.
CONTACT: Larry Bouchie, KMC Partners Public Relations, +1-617-758-4192, email@example.com, for Sipera Systems; Brendan Ziolo, Sipera Systems,+1-214-606-1080,
Web site: http://www.sipera.com//