Abstract

Dual-mode phones are used to automatically switch between WiFi and cellular networks thus providing lower costs, improved connectivity and a rich set of converged services utilizing protocols like SIP. Among several other VoIP products and services, Sipera VIPER Lab conducted vulnerability assessment on a sample group of dual-mode/Wi-Fi phones and discovered that several vulnerabilities exist in such phones allowing remote attacker to carry out spoofing and denial-of-service attacks on such phones. As a result, it is apparent that enterprises and service providers need to become more aware of security threats to their fixed and mobile VoIP infrastructure. Additionally, protection mechanisms including increasing robustness of phone protocol implementations, employing VoIP security best practices, and securing critical network nodes must be used. This presentation gives a brief overview of this emerging technology, threats associated with it, and ways to mitigate such threats.