Dual mode vulnerabilities identified

Andrew R. Hickey, Senior News Writer
Dual mode devices from many key vendors, including BlackBerry, have vulnerabilities that could disable features, freeze phones and ultimately disrupt enterprise communication capabilities.

The vulnerabilities, identified and made public this week by Sipera VIPER Lab, show that many dual mode phones can fall victim. Dual mode phones automatically switch between Wi-Fi and cellular networks, typically providing lower costs, improved connectivity and a rich set of converged services. According to Krishna Kurapati, CTO of Sipera, these vulnerabilities can expose enterprises and service providers to security risks and, if left unchecked, can be exploited by hackers, malicious users and spammers.

"Just like what's happening to PCs, the same thing can happen to these phones," Kurapati said, adding that many phones designed for fixed-mobile convergence (FMC) also use VoIP or SIP clients that can be exploited.

"It's a new vector of vulnerabilities," he said.

Sipera VIPER Lab identified the following threats to Wi-Fi and dual mode phones:

  • A format string vulnerability in Research In Motion Ltd.'s BlackBerry 7270 SIP stack could allow a remote hacker to disable the phone's calling features.
  • HTC HyTN using AGEPhone is vulnerable to malformed SIP messages sent over wireless LAN connections, which may cause active calls to disconnect.
  • A buffer overflow vulnerability in Samsung SCH-i730 phones that run SJPhone SIP Clients may allow an attacker to disable the phone and slow down the operating system.
  • A Dell Axim running SJPhone SIP soft phones is vulnerable to denial of service attacks that can freeze the phone and drain the battery.
  • A vulnerability found in the SDP parsing module of D-Link DPH-540 and DPH-541 Wi-Fi phones may allow remote attackers to disable the phone's calling features.

"Voice over Wi-Fi using dual mode phones is a compelling new service for both consumers and enterprises," Kurapati said, "but the threat advisories just published show that these devices and networks are open to a variety of attacks."

Sipera identifies threats through its Sipera VIPER Lab, which comprises application developers, architects and engineers. Researchers identify new vulnerabilities and potential exploits while also scanning Web sites, blogs, discussion groups and media outlets for evidence of potential vulnerabilities and attacks. Sipera Systems makes security tools for mobile, VoIP and multimedia communications.