Review: FiWin SS28S WiFi VoIP SIP/Skype Phone

There is a lot of noise about VoIP lately, especially because it can help you avoid a major part of your cellphone bill. The first VoIP handsets released were all USB-based, but now cordless, Bluetooth and WiFi handsets are springing one by one in the market. The most affordable WiFi handset in the market right now, selling for just $150, is the FiWin SS28S that was released at the beginning of the summer by FiWin. Geeks.com sent us in a unit for the purposes of this review.

The Good:

Always look on the bright side of life” -Eric Idle

Indeed I shall do just that. The SS28S has a very, very, bright side. The best part about the phone is the audio quality. It’s simply spectacular. One person I spoke to questioned if I had a new cell phone because the call was so clear. The phone also has some nifty features like SIMPLE support. This allows it to send text messages to other SIP users whose clients support it.

I started by placing a couple of calls using Gizmo to “411” (the info line) and found I had zero problems getting it to identify my selections. I then held an hour long conversation using Gizmo’s Call Out, and was surprised to find the phone still had plenty of battery left for another hour long call to someone else! FiWin claims 3.5 hour call time for the battery life, and I can certainly believe it.

Using the phone to send text (SIMPLE) messages made it feel just like a cell phone. I’d have to say better than SMS as I didn’t have to pay to send it! The catch of course is that you can only send to someone who has a client that supports SIMPLE. On the other hand, you can only send a SMS to someone with a phone that supports it.

That pretty much sums up the bright side. Unfortunately the phone has a dark side as well. A deep, dark side. So dark that it almost shadows the light.

The Bad:

Where to begin? Firmware? Usability issues? There’s so many problems, it’s hard to determine where to start!

The current firmware version is 01_02_07, and that’s it. Don’t worry though, you can (in theory) update the firmware! But there’s a catch! To update the firmware you must use the USB cable. This brings on its own problems: the phone didn’t come with a USB cable, you can’t buy one because it’s proprietary, and FiWin doesn’t sell it. So you can in theory update the phone if you could get a cable from FiWin. The phone has the option to upload the phone book, sip settings, configuration settings, etc. to a FTP server. This sounds excellent! Edit your phone book on your computer, and then put it back on the phone. Except that all transfers to the FTP server must be done over the USB cable.

So you can’t update it, but why would you want to? It’s not like there’s a giant security hole that would need fixing… Right? Wrong! FiWin left the debug console turned on. Pick your jaw up off the floor, and read on for instructions to access it. I stumbled upon this by port scanning the phone, and noticed that port 23 was open. A quick telnet session revealed that the phone is running VxWorks! It asks for a username and password, which should deter most people from attempting to use it. I’m sure FiWin would pick something super clever and hard to crack, so let’s rule out the obvious: phone/phone, admin/admin, root/root, FiWin/FiWin, etc. Oh well… Guess we’ll try this the old fashion way. 1/1. Wait… It worked! They actually set their username and password to 1/1! So much for security.

Surely they crippled the debug console though… Issuing the “help” command yields a list of available commands. Let’s take a quick look through the commands. “d” Well… That displays ram values. Enough snooping reveals WEP/WPA keys, username & password for SIP, etc. Who needs to encrypt data anyway? Pfft! Next lets have a look at “m.” Modifying memory sounds like a good idea! Let’s start poking around! Woops, crashed the phone! And towards the bottom of the command list, some might notice “diskFormat” and “diskInit.” That can’t be good. Adios phone. (Note, I didn’t actually run these last two commands for fear of bricking the phone) Running “version” yields the following output:

VxWorks (for ARM PID – ARM7TDMI (ARM)) version 5.4.

Kernel: WIND version 2.5.

Made on Jun 27 2006, 15:01:30.

Boot line:

flash(0,0)host:c:/ftp_home/vxWorksATMEL e=192.168.1.1:0xffffff00 h=192.168.1.2 u=target pw=tv f=0x2008 tn=phone o=ANY


VxWorks 5.4. While not the most recent version, at least I couldn’t find any network stack exploits for it. That could end up being disastrous. There’s also a few actual firmware bugs that I’ve discovered too. First is that enabling a STUN server in the sip settings sets your registration time to 150 seconds. You cannot change that number unless you disable STUN. Your settings will be reset as soon as you enable STUN again though. A nice feature of the phone is that it can sync the time via SNTP. The catch here is that the timezone settings are all 1 hour off. Select a zone that is 1 hour ahead of yours to correct this. And for good measure sprinkle in some random crash bugs while sitting at the main screen (Though not while in a call… Yet!), and you’ve got some buggy firmware. There is hope though, as you can kill the telnet console. Login to the phone, and type “td tTelnetd” without the quotes. This prevents future logins, but doesn’t close the port, so all the debug messages are still displayed. How about a firmware update FiWin?

Usability problems are annoying, but can be survived. First, the phone doesn’t allow per SSID settings. You apply your settings to all SSIDS you will connect to. So if you have the SSID “test” and it uses a WEP key, then any other networks you connect to on the phone must either use the same WEP key, or you must clear the wep key, and retype it when you want to connect to “test” again. This makes it really annoying to use WEP or WPA at home, and then go for a walk and expect it to connect to other open networks. The next issue is an extension of the first. If you attempt to connect to an unencrypted network via the “Site Survey” menu, it will tell you that you need to disable WEP/WPA first. Couldn’t it just do this for you? Maybe while still saving the keys as well?

The phone is a Skype/SIP phone, right? Wrong. Well sorta. Skype support is apparently limited to Skype 1.x. Using Skype is a mess. This isn’t a Skype phone like the NETGEAR Skype WiFi phone. Skype requires companies to license their protocol if they want to support it. FiWin one upped Skype with a clever and free alternative. Use virtual audio devices with Skype for Windows, and send the audio to the phone. While clever in the idea, their implementation is non functioning as far as I can tell.

After trying for a couple of hours I never once managed to the get the call to actually connect to the phone. I could call using the phone, and the PC would say the call connected, but you couldn’t hear or talk on the phone. The phone actually still displayed the connection message long after the PC hung up. Using their method of the virtual audio cables means that your PC has to stay on for Skype to work. It also means that if you go to another network that you can’t make Skype calls. I believe port forwarding could be enabled on your router to bypass this limitation, but because I couldn’t even get it to work on my own network I didn’t bother confirming it.

Conclusion:

The SS28S is a great little phone once you overlook the security issues, and usability issues. It has about the same reception as a standard PCMCIA or USB WiFi adapter with an internal antenna, so you can’t get incredibly far from the access point. The battery life is impressive when it comes to call time. But walk outside of your AP’s range and watch the phone eats away at the battery as it stays in “Scanning” mode. The phone supports 5 ring tones, and 1 is an actual phone ring. This is nice for those like myself who don’t need or want fancy ring tones. It also has a vibrate mode, silence mode, key lock, all of which you would expect to find on your average cell phone. All in all I would recommend the phone, but not at the current going price. In its current state, I would say it should be sold for under $100. If FiWin ever addresses the firmware issues, or at least the ability to actually update the firmware, then I would say $150 is a fair price for it.

I’d like to say thanks to Geeks.com for donating the phone. It was used in the name of science. And you know what that means… Actual advances in the name of science.

Rating: 8/10 – Audio quality was so impressive I’m willing to overlook the security and usability issues. Please don’t crack into my phone. =)

7 Comments

  1. 2006-09-21 7:48 pm
  2. 2006-09-21 8:04 pm
    • 2006-09-21 8:11 pm
  3. 2006-09-21 8:16 pm
    • 2006-09-21 8:22 pm
    • 2006-09-21 8:41 pm
  4. 2006-09-22 7:53 pm