Source: snapvoip.blogspot.com

Sipera, the VoIP security firm that I saw first at BlackHat 2007 has warned VoIP firms before disclosing the vulnerabilities. There are multiple vulnerabilities, advisories and they are listed here.

The tests focused specifically of residential and SMB VoIP service and equipment. I was surprised to find strong authentication, signaling security, and media encryption were lacking, looks like everybody is following Microsoft. Get it Out there first and then we fix it as troubles jump up.

So what does these vulnerabilities do to users? spoofing, eavesdropping, and remote exploits are some of the possibilities.

I will write later today about what you should be looking in VoIP Security.

Following is the news release by Sipera;

Richardson, TX, October 23, 2007 – Sipera VIPER™ Lab, operated by Sipera Systems, the leader in comprehensive VoIP/UC security solutions, today disclosed multiple threat advisories for users of VoIP services and equipment from Vonage, Globe7 and Grandstream. Among other threats, unwitting VoIP users face eavesdropping, spam, spoofing and denial-of-service (DoS) attacks. Full details on these vulnerabilities are posted as an educational security service to Sipera’s customers and the general public at http://www.sipera.com/viper.

Sipera VIPER Lab determined the Vonage VoIP Motorola Phone Adapter (VT 2142-VD) and Vonage service implementations leave users vulnerable to a form of VoIP identity theft, allowing hackers to take over a user’s phone service with a “registration replay attack,” then make and receive calls while impersonating the victim. Incomplete security practices, such as not encrypting traffic, open Vonage users to eavesdropping on private voice and video communications. Hackers can also send multiple SIP INVITE messages to a user, an Internet version of “ringing the phone off the hook” which creates a DoS attack. Leveraging these vulnerabilities, remote attackers can also send malicious messages directly to Vonage users, subjecting them to spam, social engineering and VoIP scams.

“These vulnerabilities create serious privacy and service availability issues for users,” said Krishna Kurapati, Sipera founder/CTO and head of Sipera VIPER Lab. “Vonage, Globe7 and Grandstream customers can no longer assume that their VoIP providers are automatically securing their services, but they should demand best security practices be followed as a condition of becoming a customer. Sipera VIPER Lab will continue to proactively identify VoIP threats and assist VoIP providers to implement best security practices before attacks occur.”

Sipera VIPER Lab also found issues with European provider Globe7’s online account access, as a result of utilizing unsecured connections and employing a weak encryption scheme. This allows hackers to access confidential name, password and account balance data, as well as steal VoIP service to make and receive calls, masked as a legitimate Globe7 user. Likewise, Sipera VIPER Lab established the Grandstream HandyTone-488 PSTN-to-VoIP adapter is vulnerable to buffer overflows and fragmented packet attacks. By sending a specially crafted SIP INVITE message to public IP addresses, attackers can disconnect legitimate Grandstream users.

Sipera VIPER Lab is comprised of experienced VoIP security researchers operating globally 24/7/365. Since its inception in 2003, Sipera VIPER Lab has identified thousands of vulnerabilities and security threats which include fuzzing, floods and distributed floods, spoofing, stealth attacks and spam. VIPER Lab research is used to continuously improve the Sipera IPCS products that protect, control and enable real-time unified communications for enterprises and service providers. Sipera VIPER Lab also recently launched a blog to discuss ongoing VoIP attacks and VoIP/UC vulnerabilities at http://www.sipera.com/viper/blog.

Source: voip-tech.blogspot.com

Globe7 results to be, by the website My VoIP Provider, the world’s best VoIP provider, according to rates and the service provided.
Globe7 offers a free software downloadable from the official website compatible with PC (Windows 2000/XP/Vista/Linux) and Macintosh that propose features and functionality similar to Skype™, as the possibility to make videocalls, free calls from PC to PC, SMS sending, file transfer, also it’s present a IPTV service to freely watch videos and TV broadcasted in streaming over the Internet.
The rate for one minute of a PC to landline or a cellphone call in the U.S. is 0,01 USD; the rates for all worldwide destinations are available in this page; besides, if you register an account as "Gold Member" you get a free US phone number.

Source: voipcentral.org

Globe7 has clicked up to hit the VoIP market with its latest Globe7 3.0 soft phone that offers free minutes in exchange for watching IP video feeds.

Globe7 3.0 soft phone is an ad-supported model for the desktop that enables users to download real-time video feeds like movie trailers, news and sports.

The unique feature of the soft phone is that the more video is viewed, the more minutes are added to the users VoIP account.

Globe7 has introduced this system earlier this month and recorded around 18 million downloads of the software. It charges no registration fee and no monthly fee.

The Company statement says,

You have Vonage, which has no ad-revenue model and has acquired about 3 million users. But they lost $190 million last year. And then you have Skype, which gives most of its service away for free, and I think we learned in the dot-com bust that free is not a viable business model. At some point, you have to pay for things like call termination, long-distance fees.

With this latest model Globe7 is poised to give a tough challenge to the established VoIP giants like Skype and Vonage.

Read