Predict your next investment

SOFTWARE (NON-INTERNET/MOBILE) | Billing, Expense Management and Procurement Software
soleocommunications.com

See what CB Insights has to offer

Founded Year

2002

Stage

Series A | Alive

Total Raised

$3.5M

Last Raised

$3.5M | 17 yrs ago

About Soleo Communications

Provider of software-based solutions and professional services to customer contact centers. The company positions and leverages its service request platform (SRP) as a next-generation VoIP call center solution as central to its product portfolio. Its business model is to obtain revenues for these solutions through a combination of system sales, recurring transaction fees, and professional service contracts. [Keywords: IP ACD, operator, network gateway]

Soleo Communications Headquarter Location

Willowbrook Office Park 300 Willowbrook Drive

Fairport, New York, 14450,

United States

(585)641-4300

Latest Soleo Communications News

Canadian telcos could have been hacked by third party app flaw, says security firm

Aug 24, 2018

Published: August 24th, 2018 A coding flaw in a cloud application aimed at helping people who have hearing or speech disorders place calls through an assistive telephone device could have been used to steal administration passwords at Canada’s major telecom providers or any other provider using the service, according to researchers at a security firm. The firm, Project Insecurity , said in a report that Soleo Communications — which provides a range of search and voice services for communications providers —  fixed the bug in its IP Relay service Aug. 10th. But, the researchers added, a determined attacker could have leveraged the vulnerability before it was sealed to steal passwords from configuration files. The problem, the report says, was “improper sanitization” of a parameter in the IP Relay servlet — in other words, bad coding. “A developer should always check for dangerous characters in filenames,” said the report. In this case, researchers were able to navigate through the server and into a sensitive directory by using directory traversal characters. It isn’t known if any attacker exploited the issue against any telecom provider before the application, which converts text to voice, was patched. Related Articles July 28th, 2017Howard Solomon @HowardITWC January 27th, 2017Christine Wong @itworldca March 16th, 2006Mari-Len De Guzman @itworldca The report says Bell, Rogers, Telus, Videotron, SaskTel and Shaw run Soleo’s IP Relay. Soleo Communications didn’t respond to a request for comment by press time. Nor did Bell. In an email Rogers said it was notified of the problem by the Canadian Cyber Incident Response Centre (CCIRC). Soleo’s fix was immediately installed. Rogers said its records show that customer information remained secure and was not accessed or exposed in any way. Project Security is a penetration and vulnerability assessment company with staff in Canada, the U.S. and the U.K. The Soleo vulnerability was discovered by Manitoba-based security operations Dominik Penner. In the report Penner said the vulnerability was discovered when he went to the login page of a telecom provider’s IP Relay client for customers. Clicking on the “forgot password” link brings up a URL with a get Page parameter. Changing the parameter to Test resulted in an error message, but that divulged it was trying to load a JSP (Java server page). Ultimately Penner was able to see directories in the application’s Adobe Tomcat server, and concluded that with some work an attacker could penetrate the source code and passwords it holds “An attacker could extract these passwords from within the source files, and further escalate their privileges on the server, or even use said information in a social engineering attack. The end result could be escalated to yield remote code execution,” he wrote. What software developers should do, says the report, is pay attention to coding recommendations of the Open Web Application Security Project (OWASP) for avoiding path traversal problems. These include understanding how the underlying operating system to the application will process filenames handed off to it, not storing sensitive configuration files inside the web root and, for Windows IIS servers, making sure the web root isn’t on the system disk, to prevent recursive traversal back to system directories. Related Download

Predict your next investment

The CB Insights tech market intelligence platform analyzes millions of data points on venture capital, startups, patents , partnerships and news mentions to help you see tomorrow's opportunities, today.

Soleo Communications Patents

Soleo Communications has filed 2 patents.

The 3 most popular patent topics include:

  • Computer telephony integration
  • Telemarketing
  • Acoustics
patents chart

Application Date

Grant Date

Title

Related Topics

Status

2/21/2020

6/8/2021

Telemarketing, Diagrams, Computer telephony integration, Data management, Telephone numbers

Grant

00/00/0000

00/00/0000

Subscribe to see more

Subscribe to see more

Subscribe to see more

Application Date

2/21/2020

00/00/0000

Grant Date

6/8/2021

00/00/0000

Title

Subscribe to see more

Related Topics

Telemarketing, Diagrams, Computer telephony integration, Data management, Telephone numbers

Subscribe to see more

Status

Grant

Subscribe to see more

CB Insights uses Cookies

CBI websites generally use certain cookies to enable better interactions with our sites and services. Use of these cookies, which may be stored on your device, permits us to improve and customize your experience. You can read more about your cookie choices at our privacy policy here. By continuing to use this site you are consenting to these choices.