Shmoocon 2006: VoIP WiFi phone security analysis

shmoocon

Shawn Merdinger gave a presentation on his personal research project covering the security of VoIP WiFi phones. For his initial investigation he is employing a “level one” methodology. These would be attacks from a low to medium skilled hacker, a hacker’s “first look” at the device: looking for open ports, finding developer left-overs, and misusing features. One thing that was common across all phones is how easily they succumb to DOS attacks. He talked about the issues with several specific phones. Many left open port 17185, which is the VxWorks database debug port. The favorite was the Clipcomm CPW-100E which provides unauthenticated access to debugging accounts letting you read call logs and even place calls, turning it into a remote listening device. You can hear Shawn talk about his project on Blue Box Podcast #13. Blue Box also has a copy of Shawn’s detailed slides. Here’s a list of the new phone security threats released a Shmoocon.

Comments

  1. trevor harris says:

    dose any one know how to hack past a privacy code on the t-mobile side kick 2. It’s only a 3 digt code. Get back to me a trevor97220@aol.com

  2. tiuk says:

    If it’s just numeric it might be easiest to just brute force it.

  3. Thomas says:

    The new Linksys SPA WiFi phones are relatively secure, 17185 was not open on default settings.

    http://www.voiplink.com/Linksys_WIP300_p/linksys-wip300.htm

    http://www.voiplink.com/Linksys_WIP330_p/linksys-wip330.htm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 92,041 other followers