Credit: SC MagazineUS.com
The Voice over Internet Protocol (VoIP) products of Avaya, Cisco and Nortel are filled with more than 100 vulnerabilities, according to a report from VoIPshield Laboratories, the research arm of security startup VoIPshield Systems.
The flaws could be exploited by a hacker to extort users via denial-of-service threats, industrial espionage through call recording, or identity theft by stealing sensitive customer information, according to VoIPshield.
VoIPshield said it notified the vendors of its findings earlier this year. Under the terms of the company’s disclosure policy, VoIPshield is working with the three vendors to help recreate the vulnerabilities in their own test labs. It is also offering its services to assist the trio to find fixes for the bugs.
“The message is: enterprises need to take VoIP security seriously,” Rick Dalmazzi, president and chief executive officer of VoIPshield, told SCMagazineUS.com. “For all the money and attention given to data security, people are putting in VoIP systems and not securing them anywhere near what they’re doing with their data systems.
The vulnerabilities in the three companies’ products could allow an attacker to take over a VoIP phone system, use the phone system to distribute a worm or virus, or jump to a data network and steal sensitive information, Dalmazzi said.
VoIPshield lists the vulnerabilities on its website. According to VoIPshield, it has categorized each vulnerability based on an exploit’s most likely malicious intent: unauthorized access, code execution, denial of service or information harvesting.
The company has also given each vulnerability a severity rating based on a modified industry standard index. Vendor responses are also included, indicating what action, if any, the vendor has indicated it plans to take to remediate the vulnerability, and when.
You can see the complete article here.