Security Analysis of an IP Phone: Cisco 7960G

IP phones are an essential component of any VoIP infrastructure. The hardware constraints and newness of these devices, as compared to mature desktop or server systems, lead to software development focused primarily on features and functionality rather than security and dependability. While several automated tools exist to test the security of IP phones, these tools have limitations and can not provide a strong guarantee that a particular IP phone is secure. Our work evaluates the attack resilience of a widely deployed IP phone, the Cisco 7960G, employing techniques such as: vulnerability scans, fuzz tests, and static binary analysis. While the first two techniques found no vulnerabilities, the static analysis of the firmware image revealed critical vulnerabilities and fundamental software design flaws. We conclude that security designs proven useful in desktop and server software architectures should similarly appear as part of the software design for devices such as IP phones.