A bug involving 7900 Series IP phones from Cisco creates a means for hackers to eavesdrop on calls. The flaw stems from security shortcomings in the Extension Mobility feature of the phones, which allows users to configure a Cisco IP phone as their own. The feature is disabled by support, which is just as well because when …
It's much easier than that to bug a 7900 series
The 7900 series high end colour touchscreen units are driven by an XML page pulled from a web server.. The XML page displays graphics and allows features like soft buttons to interact back to the XML server and so provide active content on the phone.
What is not widely known is that the XML 'API' allows control of the phone features including making it go off hook, dial a number etc. The neatest feature of all is that you can do this with no visible indication of the phone being active.
So voila! Doctor the pages on the XML server (or by man in the middle) and you can make any high end 7900 series phone go off hook into handsfree speaker mode and to dial any other number silently. The party at the other end simply receives a call and listens in to chat in the boardroom or wherever.
CISCO, when the matter was quietly raised with them, said 'it's not a bug, it's a feature'
Of course it's a feature!
You don't understand. If they made it much harder, Our "friends" at Langley, Virginia, wouldn't be able to use it, would they?
Not to mention the rest of the alphabet soup.
- It's true, the START MENU is coming BACK to Windows 8, hiss sources
- iSPY: Apple Stores switch on iBeacon phone sniff spy system
- Pic NASA Mars tank Curiosity rolls on old WET PATCH, sighs, sniffs for life signs
- How UK air traffic control system was caught asleep on the job
- Google embiggens its fat vid pipe Chromecast with TEN new supported apps