Researcher Demos Security Flaw in Cisco IP Phones
Once a single phone is compromised, the attacker is able to eavedrop on all phones on a network.
At the Amphion Forum in San Francisco, Columbia University grad student Ang Cui recently demonstrated a vulnerability in all Cisco VoIP phones that could allow an attacker to eavesdrop on conversations.
"Cui demonstrated an attack against a Cisco-branded phone where he was able to put code on the phone by installing -- and then removing -- an external circuit board from the Ethernet port on the phone," writes Threatpost's Michael Mimoso. "Then using his smartphone, Cui was able to turn the phone into a listening device even though the phone’s Off-Hook switch was enabled."
"Once the phone was compromised, the entire network of phones could be vulnerable to eavesdropping, Cui said," writes FierceEnterpriseCommunications' Fred Donovan. "He also explained that he could compromise the phone remotely without inserting a circuit board."
"The Columbia researchers reported the vulnerability to Cisco on 22 October, within a few days of discovering and verifying the bug," writes IEEE Spectrum's Charles Q. Choi. "The company has produced a patch, but it’s unclear how many phones are still vulnerable. 'We could turn a phone into a walkie-talkie that was always on by rewriting its software with 900 bytes of code. Within 10 minutes, it could then go on to compromise every other phone on its network so that you could hear everything,' Cui says."
"The VoIP phone vulnerability demonstrated at the Amphion Forum was a stark reminder of the need to address the device security mess," Kurt Stammberger, CISSP, vice president of market development at Mocana and chair of the Amphion Forum, said in a statement. "The sad fact is that most devices connected to corporate networks, like printers and VoIP phones, are almost totally unsecured."