"These attacks actually do happen out in the wild," said Eric Winsborrow, Sipera's chief marketing officer. He said many of these exploits were easy to execute and preventable if proper security measures were implemented.
Possibly the most onerous of the vulnerabilities was the ability of an attacker to forge a user's identity and take over their session -- a registration replay attack.
"Vonage doesn't do a lot of authentication or a lot of re-authentication," Winsborrow said. "Simply knowing the user's number and that they're online allows Vonage hijacking."
Most of the vulnerabilities are not limited to Vonage, but Sipera said it released the information a month after initially trying to get a response from Vonage on the vulnerabilities.
A spokesperson for Vonage, said that Sipera is in the business of providing "VoIP solutions" and that Vonage declined to be a customer of Sipera's products.
VIPER labs has posted a list of the vulnerabilities it found.
Comment Preview