Many VoIP phones, in particular 802.11b/g handsets, have serious software vulnerabilities out-of-the-box ranging from hardcoded credentials, remote debugging access left in from development, vulnerable applications (like embedded webservers), and other issues. My personal research and evaluations on these VoIP wifi phones have documented several of these vulnerabilities across multiple vendors' phones, take a look here: http://www.security.nnov.ru/source12976.html Crypto is a start, but if attackers can simply telnet to a open port on the phone and conduct low-level debugging, make calls, etc...well, that's a problem. Thanks, Shawn Merdinger, Independent Security Researcher