[VOIPSEC] Vonage To Make 911 An 'Opt-Out' Option
bob at bobsplanet.com
Fri May 13 17:40:26 BST 2005
When you say Vonage account server, I assume you mean their
customer/provisioning system. The call server might also be a target.
- Zombie takeover of PC with a Vonage softphone.
- DOS attack against the ATA
Candace - could you clarify the scenario you had in mind a bit?
Don't any of the attacks against a residential service disable the entire
service, not just 911? Is this a case where someone is going to say, rob
you, wants to make sure that your 911 service is disabled so you can't call
for help? If so, seems like a pretty arcane attack to me.
It DOES seem like the admin lines as you describe it are much more likely to
suffer from DOS attacks than the main call center - maybe even just normal
emergency traffic. If I have 911 service from Vonage, et. Al, sounds like
there is a much higher chance of admin line getting overrun by "normal"
PS: Can the moderator fix the mailman bounce processing options to deal with
the OOO messages? Thanks.
From: Robert Moskowitz [mailto:rgm at icsalabs.com]
Sent: Friday, May 13, 2005 8:58 AM
To: Candace Holman; Bob Wise; Voipsec at voipsa.org
Subject: RE: [VOIPSEC] Vonage To Make 911 An 'Opt-Out' Option
At 12:53 AM 5/13/2005, Candace Holman wrote:
>Some locations don't provide traditional 911 access for VoIP, it just
>connects to an out of band administrative line at the answer point. They
>are supposed to make sure that the answer point is aware that emergency
>calls may come in on that admin line. But in terms of security, instead
>of having to go to the trouble of snipping your phone or cable wires, with
>this in place a criminal attacker can just hack your Vonage account to
>disable your emergency communication line.
How does one hack a Vonage account?
I can only think of three ways: Standard SSL MITM attacks (requires shared
media), Keystroke capturing spyware, attacks against Vonage account
server. Number 2 is the most vunerable, it would seem. And the attacker
would typically be after things other than disabling emergency
Senior Technical Director
ICSA Labs, a division of Cybertrust, Inc.
E: rgm at icsalabs.com
There's no limit to what can be accomplished if it doesn't matter who gets
More information about the Voipsec