[VOIPSEC] VoIP wireless phones - latest round of "Phase 1" security testing results

Shawn Merdinger shawnmer at gmail.com
Tue Jan 17 21:23:34 GMT 2006


fyi, I posted this research to Full Disclosure yesterday after my
ShmooCon talk.  Same old story: debug access left in, extraneous open
ports, services, etc.

http://seclists.org/lists/fulldisclosure/2006/Jan/0555.html
http://seclists.org/lists/fulldisclosure/2006/Jan/0554.html
http://seclists.org/lists/fulldisclosure/2006/Jan/0553.html
http://seclists.org/lists/fulldisclosure/2006/Jan/0552.html
http://seclists.org/lists/fulldisclosure/2006/Jan/0551.html
http://seclists.org/lists/fulldisclosure/2006/Jan/0550.html

Nothing too l33t but security issues nonetheless.  The "sexiest" one
is this <http://seclists.org/lists/fulldisclosure/2006/Jan/0552.html>
-- ability to hack the phone then have it call any number -- gives a
whole new meaning to "Can you hear me now?" ;)

Thanks,
--scm



More information about the Voipsec mailing list