Computer scientists claim security vulnerabilities in Cisco VoIP phones allowed them to eavesdrop on calls and turn devices into bugging equipment. Ang Cui has demonstrated how malicious code injected into 14 of the networking vendor's Unified IP Phone models could be used to record private conversations - and not just those …
our office has cisco phones with security totally off by default. you can take control of any phone with a nice xml over http api. no need for hacking just rtfm. one day im going to make all the phones in the office simultaneously get a call from the boss. i just not got around to it.
It's an inside job, guv.....
It would require knowing the specific IP address of the telephone of the "to be overheard person" , which is by no means an easy task unlesss of course you are already in the building or if you are the Telephony Admin.
Most IP Phones are / should be in seperate VLANs which would make it difficult toactually communicate with the phone ....unless the IT/Switch Admin was the hacker of course.
I hope that this remains just proof of concept, I would hate to find out that it was an actuality.
Re: It's an inside job, guv.....
Yes - and phones are allocated private addresses which would not normally be accessible to the users and have no need of any access to the Internet. If you have the necessary physical or ssh access to the telephone, then you are already in a position of some trust - but it could be a good way for network admins to eavesdrop on their managers.
Re: It's an inside job, guv.....
Doesn't matter, based on my experience with the audio quality on Cisico IP phones, all you'll hear is "mffle, wffle hmmmbg wffle, oovgvgssh. Bye!"
What's bugging me?
Frequent and BIZARRE use of UPPERCASE words IN Reg HEADLINES
How can you mention a symbiote and not relate it to Stargate?
And CISCO generated the report about ...
Chinese manufacturers having back doors!
Get real, now we know it is a trade war.
Yawn, that's so 2012
There's been a talk on the 29C3 last year about it. And for the last decade or so there has been security issue after security issue in IOS. No wonder they ditched the name.
"Your Cisco phone requires antivirus security software, which we're designing by the way"
Seriously, with that much physical access required, why not just plug in a hub and sniff traffic?
VoIP is rubbish.
Buggy, insecure rubbish.
As opposed to traditional voice where someone can plug a buttinski into a frame and/or pit and listen to anyone they feel like?
VoIP insecure SHOCK!
Come on Reg, stop being used like this
Are you trying to tell me that a security "researcher" has "discovered" a way to upload a custom firmware to a device if he has physical access to it for a few minutes?
ZOMG WTF STOP THE PRESSES! ?
Hey news flash people. Give me physical access to stuff in your building and I can reprogram your routers, reprogram ANY phone ("vulnerable" or not) and do it all just as fast, and just as easily, as this guy can - especially if I know in advance what gear I'll be fiddling with. Even better I can sprinkle listening devices and cameras like pixie dust throughout your offices etc etc ad infinitum.
Physical access trumps all. Calling this a security "vulnerability" is laughable and El Reg should be ashamed of itself for getting on board with this without due diligence.
- Review Tough Banana Pi: a Raspberry Pi for colour-blind diehards
- Product round-up Ten Mac freeware apps for your new Apple baby
- Analysis Pity the poor Windows developer: The tools for desktop development are in disarray
- Product round-up The Glorious Resolution: Feast your eyes on 5 HiDPI laptops
- Analysis BlackBerry's turnaround relies on a secret weapon: Its own network