A bug involving 7900 Series IP phones from Cisco creates a means for hackers to eavesdrop on calls. The flaw stems from security shortcomings in the Extension Mobility feature of the phones, which allows users to configure a Cisco IP phone as their own. The feature is disabled by support, which is just as well because when …
It's much easier than that to bug a 7900 series
The 7900 series high end colour touchscreen units are driven by an XML page pulled from a web server.. The XML page displays graphics and allows features like soft buttons to interact back to the XML server and so provide active content on the phone.
What is not widely known is that the XML 'API' allows control of the phone features including making it go off hook, dial a number etc. The neatest feature of all is that you can do this with no visible indication of the phone being active.
So voila! Doctor the pages on the XML server (or by man in the middle) and you can make any high end 7900 series phone go off hook into handsfree speaker mode and to dial any other number silently. The party at the other end simply receives a call and listens in to chat in the boardroom or wherever.
CISCO, when the matter was quietly raised with them, said 'it's not a bug, it's a feature'
Of course it's a feature!
You don't understand. If they made it much harder, Our "friends" at Langley, Virginia, wouldn't be able to use it, would they?
Not to mention the rest of the alphabet soup.