A bug involving 7900 Series IP phones from Cisco creates a means for hackers to eavesdrop on calls. The flaw stems from security shortcomings in the Extension Mobility feature of the phones, which allows users to configure a Cisco IP phone as their own. The feature is disabled by support, which is just as well because when …
It's much easier than that to bug a 7900 series
The 7900 series high end colour touchscreen units are driven by an XML page pulled from a web server. The XML page displays graphics and allows features like soft buttons to interact back to the XML server and so provide active content on the phone.
What is not widely known is that the XML 'API' allows control of the phone features including making it go off hook, dial a number etc. The neatest feature of all is that you can do this with no visible indication of the phone being active.
So voila! Doctor the pages on the XML server (or by man in the middle) and you can make any high end 7900 series phone go off hook into handsfree speaker mode and to dial any other number silently. The party at the other end simply receives a call and listens in to chat in the boardroom or wherever.
CISCO, when the matter was quietly raised with them, said 'it's not a bug, it's a feature'.
Of course it's a feature!
You don't understand. If they made it much harder, our "friends" at Langley, Virginia, wouldn't be able to use it, would they?
Not to mention the rest of the alphabet soup.