Dual mode devices from many key vendors, including BlackBerry, have vulnerabilities that could disable features, freeze phones and ultimately disrupt enterprise communication capabilities.
The vulnerabilities, identified and made public this week by Sipera VIPER Lab, show that many dual mode phones can fall victim. Dual mode phones automatically switch between Wi-Fi and cellular networks, typically providing lower costs, improved connectivity and a rich set of converged services. According to Krishna Kurapati, CTO of Sipera, these vulnerabilities can expose enterprises and service providers to security risks and, if left unchecked, can be exploited by hackers, malicious users and spammers.
"Just like what's happening to PCs, the same thing can happen to these phones," Kurapati said, adding that many phones designed for fixed-mobile convergence (SMC) also use VoIP or SIP clients that can be exploited.
"It's a new vector of vulnerabilities," he said.
Sipera VIPER Lab identified the following threats to Wi-Fi and dual mode phones:
- A format string vulnerability in Research In Motion Ltd.'s BlackBerry 7270 SIP stack could allow a remote hacker to disable the phone's calling features.
- HTC HyTN using AGEPhone is vulnerable to malformed SIP messages sent over wireless LAN connections, which may cause active calls to disconnect.
- A buffer overflow vulnerability in Samsung SCH-i730 phones that run SJPhone SIP Clients may allow an attacker to disable the phone and slow down the operating system.
- A Dell Axim running SJPhone SIP soft phones is vulnerable to denial of service attacks that can freeze the phone and drain the battery.
- A vulnerability found in the SDP parsing module of D-Link DPH-540 and DPH-541 Wi-Fi phones may allow remote attackers to disable the phone's calling features.
Sipera identifies threats through its Sipera VIPER Lab, which comprises application developers, architects and engineers. Researchers identify new vulnerabilities and potential exploits while also scanning Web sites, blogs, discussion groups and media outlets for evidence of potential vulnerabilities and attacks. Sipera Systems makes security tools for mobile, VoIP and multimedia communications.