Vulnerabilities In Wi-Fi/Dual-Mode Voip Phones presented at Blackhat USA 2007

by Krishna Kurapati,

Tags: Security

Summary : Dual-mode phones are used to
automatically switch between WiFi and cellular networks thus providing
lower costs, improved connectivity and a rich set of converged services
utilizing protocols like SIP. Among several other VoIP products and
services, Sipera VIPER Lab conducted vulnerability assessment on a
sample group of dual-mode/Wi-Fi phones and discovered that several
vulnerabilities exist in such phones allowing remote attacker to carry
out spoofing and denial-of-service attacks on such phones. As a result,
it is apparent that enterprises and service providers need to become
more aware of security threats to their fixed and mobile VoIP
infrastructure. Additionally, protection mechanisms including increasing
robustness of phone protocol implementations, employing VoIP security
best practices, and securing critical network nodes must be used. This
presentation gives a brief overview of this emerging technology, threats
associated with it, and ways to mitigate such threats.