[VOIPSEC] Vonage To Make 911 An 'Opt-Out' Option

Robert Moskowitz rgm at icsalabs.com
Fri May 13 16:58:03 BST 2005


At 12:53 AM 5/13/2005, Candace Holman wrote:
>Some locations don't provide traditional 911 access for VoIP, it just 
>connects to an out of band administrative line at the answer point.  They 
>are supposed to make sure that the answer point is aware that emergency 
>calls may come in on that admin line.  But in terms of security, instead 
>of having to go to the trouble of snipping your phone or cable wires, with 
>this in place a criminal attacker can just hack your Vonage account to 
>disable your emergency communication line.

How does one hack a Vonage account?

I can only think of three ways:  Standard SSL MITM attacks (requires shared 
media), Keystroke capturing spyware, attacks against Vonage account 
server.  Number 2 is the most vunerable, it would seem.  And the attacker 
would typically be after things other than disabling emergency communications?


Robert Moskowitz
Senior Technical Director
ICSA Labs, a division of Cybertrust, Inc.
W:      248-968-9809
F:      248-968-2824
VoIP:   248-291-0713
E:      rgm at icsalabs.com

There's no limit to what can be accomplished if it doesn't matter who gets 
the credit





More information about the Voipsec mailing list