Cisco IP phones vulnerable to eavesdropping

Posted on Friday, Dec 28 2012 @ 16:36 CET by Thomas De Maesschalck
Cisco logo
NetworkWorld writes researchers at Columbia University discovered that all of Cisco's IP phones are at risk of being hacked. The vulnerabilities found in the phones' Unix-based operating system kernel enable attackers to listen in on calls and to access audio data at any time even if a phone call is not in progress.
And once a Cisco IP phone is hacked, it can infect other phones on the same network and attack computers and other attached devices, the scientists found. They reported their findings to Cisco in October and the company is developing a patch. But it's still unclear how many phones are still vulnerable, IEEE Spectrum reported.

According to one of the scientists: "We could turn a phone into a walkie-talkie that was always on by rewriting its software with 900 bytes of code. Within 10 minutes, it could then go on to compromise every other phone on its network so that you could hear everything."

...

The vulnerabilities were found in the phones' Unix-based operating system kernel, according to IEEE Spectrum. The Columbia researchers developed a Bluetooth-enable device to attack the phone via physical connection but they also say the phones could be remotely compromised as well. They plan to demonstrate this vulnerability at a conference in Germany two days after Christmas.


About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



Loading Comments