
Format string vulnerability in Blackberry™ 7270 SIP stack implementation may cause the phone not to be able to accept or make calls

Advisory Number: VIPER-2007-023
Release Date: 2007.03.26
Source: Sipera VIPER Lab
Systems Affected: BlackBerry 7270 Wireless Handheld (OS v4.0.1.83, Platform 1.0.0.69)
Category: Mobile Device Denial of Service
Severity: High

Overview

A format string vulnerability in the BlackBerry 7270 SIP stack may allow a remote attacker to disable the phone’s calling features. The phone must be rebooted to recover from this state.

Impact

If exploited, this vulnerability leaves the phone’s calling features unusable until the phone is rebooted. The user may not become aware of the denial of service until he or she tries to make a call.

Description

BlackBerry 7270 Wireless Handheld™ provides SIP-based IP telephony for facility-based employees. It operates on 802.11b Wireless Local Area Networks (WLANs) to provide Voice over WLAN (VoWLAN) functionality.

The SIP stack used by the BlackBerry 7270 contains a format string vulnerability. If an attacker can send a crafted, malformed SIP message to the phone, the phone may enter a state in which it can neither receive nor make further calls. The malformed message may sometimes generate an error message on the screen: “Uncaught exception: java.lang.IllegalArgumentException”.

  1. Cannot make calls: Once the phone has processed the malformed message, the user cannot make further calls. Each attempt to make a call results in an error message: “Cannot connect. Call in progress”.
  2. Cannot receive calls: Once the phone has processed the malformed message, it cannot receive further calls. It responds to ping requests, but when a call is made to the phone it neither rings nor shows any indication on the screen. Network sniffing reveals that the phone sends a 486 Busy Here response to the INVITE message.

The only way to recover from this state is to reboot the phone.
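The 486 Busy Here symptom described above can be turned into a monitoring check. The following is an added example, not part of the original advisory: it flags phones that keep answering INVITEs with 486 while no call is established on them. The IP addresses, Call-IDs, the event tuple layout and the threshold of two consecutive responses are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample of SIP signalling seen by a monitor (not from the advisory):
# (time s, src IP, dst IP, Call-ID, start line, CSeq method)
CAPTURE = [
    (1,  "10.0.0.5",  "10.0.0.21", "c1", "INVITE sip:2001@10.0.0.21 SIP/2.0", "INVITE"),
    (2,  "10.0.0.21", "10.0.0.5",  "c1", "SIP/2.0 200 OK", "INVITE"),
    (9,  "10.0.0.5",  "10.0.0.21", "c2", "INVITE sip:2001@10.0.0.21 SIP/2.0", "INVITE"),
    (9,  "10.0.0.21", "10.0.0.5",  "c2", "SIP/2.0 486 Busy Here", "INVITE"),  # really busy
    (30, "10.0.0.21", "10.0.0.5",  "c1", "BYE sip:pbx@10.0.0.5 SIP/2.0", "BYE"),
    (40, "10.0.0.5",  "10.0.0.22", "c3", "INVITE sip:2002@10.0.0.22 SIP/2.0", "INVITE"),
    (40, "10.0.0.22", "10.0.0.5",  "c3", "SIP/2.0 486 Busy Here", "INVITE"),  # no call up
    (55, "10.0.0.5",  "10.0.0.22", "c4", "INVITE sip:2002@10.0.0.22 SIP/2.0", "INVITE"),
    (55, "10.0.0.22", "10.0.0.5",  "c4", "SIP/2.0 486 Busy Here", "INVITE"),  # and again
]

def stuck_phones(events, threshold=2):
    """Return IPs that sent >= threshold consecutive 486s while no call was established."""
    active = defaultdict(set)     # IP -> Call-IDs of currently established calls
    idle_busy = defaultdict(int)  # IP -> consecutive 486 responses sent while idle
    for _t, src, dst, call_id, start, cseq in sorted(events, key=lambda e: e[0]):
        if start.startswith("SIP/2.0 200") and cseq == "INVITE":
            # Call answered: both ends now hold an established dialog.
            active[src].add(call_id)
            active[dst].add(call_id)
            idle_busy[src] = 0    # the answering phone accepts calls, so it is healthy
        elif start.startswith("BYE "):
            # Call torn down: neither end is busy with this dialog any more.
            active[src].discard(call_id)
            active[dst].discard(call_id)
        elif start.startswith("SIP/2.0 486") and cseq == "INVITE":
            if not active[src]:   # claims busy although no call is up
                idle_busy[src] += 1
    # The threshold (an assumption) avoids flagging one isolated busy response.
    return sorted(ip for ip, n in idle_busy.items() if n >= threshold)

if __name__ == "__main__":
    print(stuck_phones(CAPTURE))
```

A phone reported by this check matches the “cannot receive calls” state and, per the advisory, needs a reboot to recover.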

Solution

The phone’s SIP stack implementation should be patched to prevent exploitation of this vulnerability.

Vendor Response:

RIM: A vulnerability exists in the Session Initiation Protocol (SIP) implementation on WLAN BlackBerry 7270 smartphones with BlackBerry Device Software Version 4.0.1.83 and earlier that if exploited by an attacker can result in a Denial of Service in the phone application, but does not affect the other capabilities of the smartphone. This does not affect any other BlackBerry models. To exploit this vulnerability, a user with malicious intent requires access to a private branch exchange (PBX) from within the enterprise network. Research In Motion is working to provide a patch for this issue in a timely manner. For more information please see http://www.blackberry.com/security/news.jsp

For more information on any of these threat advisories, please email Sipera VIPER Lab at viper@sipera.com


© Copyright 2010 Sipera Systems, Inc. All rights reserved. Sipera, Sipera UC-Sec and related products, SLiC, Sipera LAVA and Sipera VIPER are trademarks of Sipera Systems, Inc.