
Blackberry™ 7270 SIP stack transaction processing vulnerability

Advisory Number: VIPER-2007-025
Release Date: 2007.03.26
Source: Sipera VIPER Lab
Systems Affected: Blackberry 7270 Wireless Handheld (OS v4.0.1.83, Platform 1.0.0.69)
Category: Mobile Device Denial of Service
Severity: Medium

Overview

A vulnerability in the Blackberry 7270 SIP stack's handling of transaction state after the user answers a call may allow an attacker to control call disconnection.

Impact

The phone remains unavailable for approximately 40 seconds after processing such an INVITE. No calls can be made or received during that time.

Description

An attacker can use a script to send a malicious INVITE message to a Blackberry 7270 and disable call disconnection for approximately 40 seconds. During this time, an attempt to make a call from the 7270 results in the error "Cannot connect. Call in progress". Additionally, an attempt to call the phone results in a 486 Busy Here response from the phone.
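As an added defensive illustration (not code from Sipera or RIM), the following Python sketch flags the symptom described above in a SIP trace captured in front of the PBX: the phone answering INVITEs with 486 Busy Here while it has no established dialog. The messages, Call-IDs and timestamps in the trace are constructed.

```python
"""Flag a SIP phone that answers 486 Busy Here with no established dialog.
Added detection sketch (assumed monitor placement, constructed trace); the
observable symptom is "busy" responses for ~40 s while no call is actually up."""

def parse_sip(raw: str) -> dict:
    """Minimal SIP parser: start line plus the Call-ID and CSeq headers."""
    lines = raw.split("\r\n")
    start = lines[0].split()
    msg = {"method": None, "status": None, "call_id": None, "cseq_method": None}
    if start[0] == "SIP/2.0":           # response, e.g. "SIP/2.0 486 Busy Here"
        msg["status"] = int(start[1])
    else:                               # request, e.g. "INVITE sip:... SIP/2.0"
        msg["method"] = start[0]
    for line in lines[1:]:
        name, _, value = line.partition(":")
        key = name.strip().lower()
        if key in ("call-id", "i"):
            msg["call_id"] = value.strip()
        elif key == "cseq":
            msg["cseq_method"] = value.split()[-1]
    return msg

def find_unexplained_busy(trace) -> list:
    """Return (time, Call-ID) for each 486 the phone sends to an INVITE with no dialog up."""
    established = set()   # Call-IDs with a 2xx-to-INVITE seen and no BYE yet
    alerts = []
    for ts, direction, raw in trace:   # direction is relative to the phone
        m = parse_sip(raw)
        if m["method"] == "BYE":
            established.discard(m["call_id"])
        elif m["cseq_method"] == "INVITE" and m["status"] is not None:
            if 200 <= m["status"] < 300:
                established.add(m["call_id"])
            elif direction == "out" and m["status"] == 486 and not established:
                alerts.append((ts, m["call_id"]))
    return alerts

def _msg(start_line: str, call_id: str, cseq: str) -> str:
    return f"{start_line}\r\nCall-ID: {call_id}\r\nCSeq: {cseq}\r\n\r\n"

# Constructed trace: one normal call, one busy answer with no call up, one genuine busy.
SAMPLE_TRACE = [
    (0.0, "in", _msg("INVITE sip:7270@phone.invalid SIP/2.0", "a1", "1 INVITE")),
    (0.5, "out", _msg("SIP/2.0 200 OK", "a1", "1 INVITE")),          # user picks up
    (3.0, "out", _msg("BYE sip:caller@pbx.invalid SIP/2.0", "a1", "2 BYE")),
    (10.0, "in", _msg("INVITE sip:7270@phone.invalid SIP/2.0", "b2", "1 INVITE")),
    (10.1, "out", _msg("SIP/2.0 486 Busy Here", "b2", "1 INVITE")),  # busy, nothing up
    (60.0, "in", _msg("INVITE sip:7270@phone.invalid SIP/2.0", "c3", "1 INVITE")),
    (60.4, "out", _msg("SIP/2.0 200 OK", "c3", "1 INVITE")),
    (65.1, "out", _msg("SIP/2.0 486 Busy Here", "d4", "1 INVITE")),  # genuine busy
]
```

Running `find_unexplained_busy(SAMPLE_TRACE)` reports only the 486 at t=10.1; a real monitor would additionally require several such responses within the roughly 40-second window before alerting.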

Solution

The phone's SIP stack implementation should be patched to prevent exploitation of this vulnerability.

Vendor Response:

RIM: A vulnerability exists in the Session Initiation Protocol (SIP) implementation on WLAN BlackBerry 7270 smartphones with BlackBerry Device Software Version 4.0.1.83 and earlier that if exploited by an attacker can result in a temporary Denial of Service in the phone application, but does not affect the other capabilities of the smartphone. This does not affect any other BlackBerry models. To exploit this vulnerability, a user with malicious intent requires access to a private branch exchange (PBX) from within the enterprise network. Research In Motion is working to provide a patch for this issue in a timely manner. For more information please see http://www.blackberry.com/security/news.jsp

For more information on any of these threat advisories, please email Sipera VIPER Lab at viper@sipera.com

Unified Communications Unleashed
Sipera Systems is the worldwide market leader in solutions for the rapid and simple adoption of Unified Communications (UC). Thousands of users around the globe rely on Sipera to secure VoIP, IP video, collaboration, messaging and dozens of other high-performance applications. Sipera’s groundbreaking “Borderless UC” enables controlled communications to any device in any location.

Years of UC Security experience is contained in Sipera unified communications (UC-Sec) products. These appliances benefit from the research conducted by Sipera VIPER Lab to provide comprehensive threat protection, policy enforcement, access control, and privacy in a single, real-time appliance.

© Copyright 2006-2010 Sipera Systems, Inc. All rights reserved. Sipera, Sipera UC-Sec and related products, Sipera LAVA and Sipera VIPER and related services are trademarks of Sipera Systems, Inc.