Wifi SIP WPA/PSK Support

Frank Bulk frnkblk at iname.com
Thu Jan 26 20:55:45 UTC 2006



I've been tracking the Wi-Fi SIP phone space for some time, and have
documented all the phones that I could find here:
http://www.mtcnet.net/~fbulk/VoWLAN.doc
It's about a 7 MB file because I've included pictures of these devices where
I could find them.

Because we just installed a SIP proxy server on our switch I took the
opportunity to purchase and try out 4 Wi-Fi SIP phones: 
- Hitachi IPC-5000
- UTStarcom F1000
- Pulver WiSIP/ZyXEL P-2000W v1
- ZyXEL P-2000 v2

The last two offer identical user interface and functionality but a
different shell.  

The Hitachi doesn't offer WPA support, but it does do 802.1X (specifically
EAP-MD5, EAP-TLS, PEAP, and EAP-TTLS) with WEP.  That probably means it can
hand out WEP keys, and perhaps perform dynamic WEP.  The only phone to
support WPA from that short list is the F1000 with 3.60 or higher firmware,
and that's only WPA-PSK.

If you look in the Word document you'll see there are other phones that
offer WPA support, but there not are readily available in the North American
market.

Kind regards,

Frank

-----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of Mike
Leber
Sent: Wednesday, January 25, 2006 10:35 PM
To: nanog at merit.edu
Subject: Wifi SIP WPA/PSK Support



I'm working on finding a Wifi SIP phone that supports WPA/PSK that we can
recommended to VOIP clients.  As everybody knows, currently most Wifi SIP
phones support WEP which is demonstrably insecure.  For banking and
financial customers, or companies that are given passwords or credit cards
over the phone, this is a serious security issue.

We recently bought a Hitachi-Cable Wireless IPC-5000 WiFi SIP Phone from
voipsupply.com after finding some web pages that said that phone supported
WPA (the pages were in German), yet once we got the phone all it supported
was WEP even after updating the firmware to the latest version using the
website mentioned in the documentation that came with the phone.

I've had a few people say that there was some sort of conspiracy to keep
US citizens from using secure phones, however I found that laughable
because the potential risk of terrorist or criminal interception from
having all Wifi telephone conversations involving credit cards (let alone
social security numbers, bank account numbers, passwords, what have you)
in the clear would create an attack vector so large as to exceed all other
possible attack vectors... I mean why work on cracking anything when you
can just listen to everybody in the clear (well virtually in the clear
with WEP).

So, back in reality, could anybody in the US that bought their Wifi SIP
phone in the US share a success story at getting Wifi SIP setup with
WPA/PSK?  What model of phone did you buy?  Where did you get it?  Did you
have to upgrade it to any special version of firmware or what?

Mike.

+----------------- H U R R I C A N E - E L E C T R I C -----------------+
| Mike Leber           Direct Internet Connections   Voice 510 580 4100 |
| Hurricane Electric     Web Hosting  Colocation       Fax 510 580 4151 |
| mleber at he.net                                       http://www.he.net |
+-----------------------------------------------------------------------+






More information about the NANOG mailing list