[VOIPSEC] VoIP wireless phones - latest round of "Phase 1" security testing results
Shawn Merdinger
shawnmer at gmail.com
Tue Jan 17 16:23:34 EST 2006
fyi, I posted this research to Full Disclosure yesterday after my
ShmooCon talk. Same old story: debug access left in, extraneous open
ports, services, etc.
http://seclists.org/lists/fulldisclosure/2006/Jan/0555.html
http://seclists.org/lists/fulldisclosure/2006/Jan/0554.html
http://seclists.org/lists/fulldisclosure/2006/Jan/0553.html
http://seclists.org/lists/fulldisclosure/2006/Jan/0552.html
http://seclists.org/lists/fulldisclosure/2006/Jan/0551.html
http://seclists.org/lists/fulldisclosure/2006/Jan/0550.html
Nothing too l33t but security issues nonetheless. The "sexiest" one
is this <http://seclists.org/lists/fulldisclosure/2006/Jan/0552.html>
-- ability to hack the phone then have it call any number -- gives a
whole new meaning to "Can you hear me now?" ;)
Thanks,
--scm
More information about the Voipsec
mailing list