Dual mode vulnerabilities identified

Dual mode devices have vulnerabilities that could be exploited to disrupt enterprise communication capabilities.

Dual mode devices from many key vendors, including BlackBerry, have vulnerabilities that could disable features, freeze phones and ultimately disrupt enterprise communication capabilities.

The vulnerabilities, identified and made public this week by Sipera VIPER Lab, show that many dual mode phones can fall victim. Dual mode phones automatically switch between Wi-Fi and cellular networks, typically providing lower costs, improved connectivity and a rich set of converged services. According to Krishna Kurapati, CTO of Sipera, these vulnerabilities can expose enterprises and service providers to security risks and, if left unchecked, can be exploited by hackers, malicious users and spammers.

"Just like what's happening to PCs, the same thing can happen to these phones," Kurapati said, adding that many phones designed for fixed-mobile convergence (SMC) also use VoIP or SIP clients that can be exploited.

"It's a new vector of vulnerabilities," he said.

Sipera VIPER Lab identified the following threats to Wi-Fi and dual mode phones:

  • A format string vulnerability in Research In Motion Ltd.'s BlackBerry 7270 SIP stack could allow a remote hacker to disable the phone's calling features.
  • HTC HyTN using AGEPhone is vulnerable to malformed SIP messages sent over wireless LAN connections, which may cause active calls to disconnect.
  • A buffer overflow vulnerability in Samsung SCH-i730 phones that run SJPhone SIP Clients may allow an attacker to disable the phone and slow down the operating system.
  • A Dell Axim running SJPhone SIP soft phones is vulnerable to denial of service attacks that can freeze the phone and drain the battery.
  • A vulnerability found in the SDP parsing module of D-Link DPH-540 and DPH-541 Wi-Fi phones may allow remote attackers to disable the phone's calling features.

More on mobile security
Check out a special report on mobile security policies

Learn more about mobile spyware
"Voice over Wi-Fi using dual mode phones is a compelling new service for both consumers and enterprises," Kurapati said, "but the threat advisories just published show that these devices and networks are open to a variety of attacks."

Sipera identifies threats through its Sipera VIPER Lab, which comprises application developers, architects and engineers. Researchers identify new vulnerabilities and potential exploits while also scanning Web sites, blogs, discussion groups and media outlets for evidence of potential vulnerabilities and attacks. Sipera Systems makes security tools for mobile, VoIP and multimedia communications.

Dig deeper on Smartphones and Mobile Phones

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchConsumerization

SearchNetworking

SearchTelecom

SearchUnifiedCommunications

SearchSecurity

Close