Creating a secure VoIP infrastructure begins with
NOVA VSPY (VoIP Vulnerability Analysis)

NOVA V-SPY is essential for a secure VoIP Infrastructure

VoIP/UC systems require an automatic tool that analyzes all the security infrastructures from end-user phones to call servers and reports security vulnerabilities and configuration errors in the system.

Designed for this purpose, NOVA V-SPY tool is compliant with standards and performs comprehensive screening, false numbering, fuzzing, DoS/DDoS, brute-force attacks and man-in-the-middle attacks. This easy-to-use, modular and high performance vulnerability analysis tool is designed to support penetration tests and system administrators assessing the security of VoIP applications and can be easily operated by both the security personnel and non-technical personnel.

NOVA V-SPY perceives all clients and services regardless of the manufacturer of the VoIP device, collects information about the services and tests vulnerability with the information on the database. Then, it generates reports including the vulnerability of the system and measures that shall be implemented. Thanks to its unique Black Box Test modules, NOVA V-SPY tests vulnerability on previously unknown application level.

Unified Communications Security Flaws and Attacks

  • According to ECT News Network, toll fraud is costing companies more than $4.7 billion a year.
  • A recent study by IDC found that just 48 percent of business trust VoIP security.
  • During the first quarter of 2015, Nettitude observed that the number of attacks against the VoIP services represented 67% of all attacks recorded against UK based servers.
  • Inadequate SIP Trunk Protection putting thousands of companies out of service.
  • Communications Fraud Control Association, 2014 Annual Survey shows that SIP Hacking accounts for over 25% of all cases and Cost of SIP Hacking is estimated at $11.7 billion. Monthly fraud cases reported up 121% in the last 5 years.
  • According to Hackmageddon 2015 Cyber Attack Statistics, the percentage of DoS\DDoS attacks, an attack whose objective is to exhaust the resources of a target host, is 9.3% in 2015. DDoS attacks against to VoIP infrastructure count for the largest part of intentional interruption attacks.

NOVA V-SPY can discover all the clients and services in even a large network topology instantaneously, regardless of the manufacturers of the VoIP devices. It gathers information on the services provided by these devices and tests them with the vulnerabilities in its database. Afterwards, it reports the issues based on how critical they are.

The Black Box Test Modules, which aren’t present in other products, enable it to discover previously unknown vulnerabilities.

It can hide itself while testing in order to prevent being blocked by IPS/IDS and SIEM products. The tests run by NOVA V-SPY do not only search for vulnerabilities in the application layer but also on other OSI Layers.

The 15-year long SIP based VoIP experience of NETAS was directly used in the creation of this product. The vulnerabilities obtained from tests and customer cases over these years are automatized and are provided to the customer via the V-SPY.

NOVA V-SPY is a modular, high performance vulnerability scanning framework aimed towards helping penetration testers and administrators that evaluate the security of VoIP applications.

  • Simple web based graphical user interface
  • Port and Host scanning to target SIP enabled device over UDP\TCP
  • Advanced penetration testing tools, such as the SIP Protocol Fuzzer
  • Extensive reporting facilities including Expert System evaluation
  • Fully automated test-case execution
  • Multithread tasks-Unlimited IP address limit
  • Vendor independent assessment
  • CWE-CVSS standards supported reports
  • Man in the middle attacks (Call recording and DTMF tone harvesting)
  • Various type of TDOS attacks
  • Fuzzing attacks on UC Interfaces
  • Fake SIP packets creation and injection

1. Network Sniffing

Allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords.

2. Scanning and Enumeration

  • Host Discovery: Scans the network of given IP or IP range and finds live hosts.
  • Device Identification: Discovers the identity of the host server.
  • Service Discovery: Detects services of the host server.
  • User Extension Enumeration Attack: Enumerates the users and internal numbers of target SIP servers.
  • SNMP Enumeration Attack: Finds any device that supports SNMP service.
  • VxWorks Devices Enumeration: Enumerates the VoIP devices which uses VxWorks operating system.

3. Brute Force

Obtains the password of the target user by utilizing a brute force word-list attack.

4. Packet Creation and Flooding

Simulates DoS/DDoS attacks to SIP-based systems. Attacks are configured based on the SIP Methods including INVITE, REGISTER, OPTIONS, CANCEL, BYE.

5. SIP Protocol Fuzzer

Sending different SIP messages that contain fields with erroneous data to detect UC server vulnerabilities.

  • Sequence Fuzzing Meessages: Testing the state machine with out of sequence and unexpected messages, repetition as well as omission of messages.
  • Structure Fuzzing Messages: Finding message syntax parsing and validation flaws by changing the structure with overflows, underflows, repetition and unexpected elements.

6. Signal/Media Manipulation Module

By performing ARP Poisoning (MITM attack) the tool can intrude or eavesdrop between two clients.

  • Anonymous Registration
  • Erase Registration
  • Registration Hijack
  • SIP Phone Reboot
  • Digest Leak

7. Expert Attack

  • Wangiri Scam
  • Caller ID Spoofing
  • Call Recording & DTMF Tone Harvesting

8. Reporting

Provides accurate, easy to interpret CVSS (Common Vulnerability Scoring System) and CWE (Common Weakness Enumeration) based reports and shares detailed test case results with the customer.

Screenshots and
How to Use

Click to button below to see the interfaces of the product.



Click to button below to get more details about the product.


NOVA Presentation Film

You are secure with "Cyber Security Solutions" and "Pentest Services" by NETAS! But how? Click to watch now...