Dual mode vulnerabilities identified

By Andrew R. Hickey, Senior News Writer 04 Apr 2007 | SearchMobileComputing.com

Mobile advice Digg This!     StumbleUpon     Del.icio.us

The vulnerabilities, identified and made public this week by Sipera VIPER Lab, show that many dual mode phones can fall victim. Dual mode phones automatically switch between Wi-Fi and cellular networks, typically providing lower costs, improved connectivity and a rich set of converged services. According to Krishna Kurapati, CTO of Sipera, these vulnerabilities can expose enterprises and service providers to security risks and, if left unchecked, can be exploited by hackers, malicious users and spammers.

"Just like what's happening to PCs, the same thing can happen to these phones," Kurapati said, adding that many phones designed for fixed-mobile convergence (SMC) also use VoIP or SIP clients that can be exploited.

"It's a new vector of vulnerabilities," he said.

Sipera VIPER Lab identified the following threats to Wi-Fi and dual mode phones:

• A format string vulnerability in Research In Motion Ltd.'s BlackBerry 7270 SIP stack could allow a remote hacker to disable the phone's calling features.
• HTC HyTN using AGEPhone is vulnerable to malformed SIP messages sent over wireless LAN connections, which may cause active calls to disconnect.
• A buffer overflow vulnerability in Samsung SCH-i730 phones that run SJPhone SIP Clients may allow an attacker to disable the phone and slow down the operating system.
• A Dell Axim running SJPhone SIP soft phones is vulnerable to denial of service attacks that can freeze the phone and drain the battery.
• A vulnerability found in the SDP parsing module of D-Link DPH-540 and DPH-541 Wi-Fi phones may allow remote attackers to disable the phone's calling features.

More on mobile security Check out a special report on mobile security policies Learn more about mobile spyware

"Voice over Wi-Fi using dual mode phones is a compelling new service for both consumers and enterprises," Kurapati said, "but the threat advisories just published show that these devices and networks are open to a variety of attacks."

Sipera identifies threats through its Sipera VIPER Lab, which comprises application developers, architects and engineers. Researchers identify new vulnerabilities and potential exploits while also scanning Web sites, blogs, discussion groups and media outlets for evidence of potential vulnerabilities and attacks. Sipera Systems makes security tools for mobile, VoIP and multimedia communications.

Tags: Smartphones and Mobile Phones,  Hackers and Threats to your Mobile Enterprise,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Smartphones and Mobile Phones Choosing personal mobile devices in a diverse mobile world CDMA2000: A 3G mobile technology An introduction to Android for mobile application development Can the smartphone replace the laptop? Mobile device governance Untethering the smartphone with an enterprise application store iPhone hacking: Lessons from the front line Trends in mobile computing Unboxing T-Mobile's G1, the first Google phone Motorola offers new Voice over Wireless LAN smartphones Hackers and Threats to your Mobile Enterprise Mobile security threats Securing corporate data on your laptops iPhone hacking: Lessons from the front line Trends in mobile computing Traditional security threats coming soon to mobile device near you Prevent mobile malware: Learn how to protect your enterprise and devices On-device defenses for mobile malware Is malware coming to a smartphone near you? New challenges in mobile device discovery Mobile security – Understanding and controlling risks

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary 2D barcode  (SearchMobileComputing.com) cell phone jammer  (SearchMobileComputing.com) inductive charging  (SearchMobileComputing.com) location awareness  (SearchMobileComputing.com) microblogging  (SearchMobileComputing.com) mobile marketing  (SearchMobileComputing.com) mobile search  (SearchMobileComputing.com) Open Handset Alliance  (SearchMobileComputing.com) radio charging  (SearchMobileComputing.com) wireless charging  (SearchMobileComputing.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary