YOUR Cisco VoIP phone is easily TAPPED, warns CompSci prof

Computer scientists claim security vulnerabilities in Cisco VoIP phones allowed them to eavesdrop on calls and turn devices into bugging equipment. Ang Cui has demonstrated how malicious code injected into 14 of the networking vendor's Unified IP Phone models could be used to record private conversations - and not just those …

COMMENTS

This topic is closed for new posts.

phine fun

Our office has Cisco phones with security totally off by default. You can take control of any phone with a nice XML over HTTP API. No need for hacking, just RTFM. One day I'm going to make all the phones in the office simultaneously get a call from the boss. I've just not got around to it.

0
0
Silver badge

It's an inside job, guv.....

It would require knowing the specific IP address of the telephone of the "to be overheard person", which is by no means an easy task unless of course you are already in the building or if you are the Telephony Admin.

Most IP Phones are / should be in separate VLANs which would make it difficult to actually communicate with the phone... unless the IT/Switch Admin was the hacker of course.

I hope that this remains just proof of concept, I would hate to find out that it was an actuality.

1
2
Anonymous Coward

Re: It's an inside job, guv.....

Yes - and phones are allocated private addresses which would not normally be accessible to the users and have no need of any access to the Internet. If you have the necessary physical or ssh access to the telephone, then you are already in a position of some trust - but it could be a good way for network admins to eavesdrop on their managers.

0
0
Anonymous Coward

Re: It's an inside job, guv.....

Doesn't matter, based on my experience with the audio quality on Cisco IP phones, all you'll hear is "mffle, wffle hmmmbg wffle, oovgvgssh. Bye!"

1
1
Stop

What's bugging me?

Frequent and BIZARRE use of UPPERCASE words IN Reg HEADLINES

0
1
Anonymous Coward

Sci-Fi FAIL

How can you mention a symbiote and not relate it to Stargate?

0
0
Silver badge
Happy

And CISCO generated the report about ...

Chinese manufacturers having back doors!

Get real, now we know it is a trade war.

3
0
Silver badge

Yawn, that's so 2012

There's been a talk on the 29C3 last year about it. And for the last decade or so there has been security issue after security issue in IOS. No wonder they ditched the name.

0
0

*Cough*Advert*Cough*

"Your Cisco phone requires antivirus security software, which we're designing by the way"

Seriously, with that much physical access required, why not just plug in a hub and sniff traffic?

0
0
Anonymous Coward

VoIP is rubbish.

Buggy, insecure rubbish.

1
1
Stop

As opposed to traditional voice where someone can plug a buttinski into a frame and/or pit and listen to anyone they feel like?

1
0
Silver badge
Facepalm

VoIP insecure SHOCK!

or not.

0
0
FAIL

Come on Reg, stop being used like this

Are you trying to tell me that a security "researcher" has "discovered" a way to upload a custom firmware to a device if he has physical access to it for a few minutes?

ZOMG WTF STOP THE PRESSES! ?

Hey news flash people. Give me physical access to stuff in your building and I can reprogram your routers, reprogram ANY phone ("vulnerable" or not) and do it all just as fast, and just as easily, as this guy can - especially if I know in advance what gear I'll be fiddling with. Even better I can sprinkle listening devices and cameras like pixie dust throughout your offices etc etc ad infinitum.

Physical access trumps all. Calling this a security "vulnerability" is laughable and El Reg should be ashamed of itself for getting on board with this without due diligence.

0
0