Vulnerable VoIP phones can let attackers listen in on your office

Who’s listening in on YOU?

We don’t give too much thought to our VoIP phones – they look like regular old landline phones and seem pretty innocuous sitting on our desks. However, a presentation from the recent 29th Chaos Communication Congress, held last week in Berlin, should be a wake-up call for security professionals. Two Columbia University researchers demonstrated how they used vulnerabilities in the operating system of Cisco’s VoIP phones to take control of the devices and turn them into eavesdropping devices capable of picking up conversations in their vicinity and relaying them to a remote attacker. As a bonus, they showed how to make their hack a permanent part of the phone, preventing patches and upgrades. Definitely worth viewing for security professionals.

What to do about it? Well, when Cisco releases a working patch for this problem, I would definitely suggest upgrading all affected phones’ firmware. I would also give some thought to how your VoIP VLAN is protected and whether having unattended feature phones in public parts of your site is a good idea.
