Remotely listen in via hacked VoIP phones: Cisco working on eavesdropping patch - Computerworld

Remotely listen in via hacked VoIP phones: Cisco working on eavesdropping patch - Computerworld

Remotely listen in via hacked VoIP phones: Cisco working on eavesdropping patch - Computerworld

Posted: 08 Jan 2013 12:00 AM PST

Let's say the doors and windows are all closed, all cell phones in the room are on Airplane mode as you and your business partners discuss some super-secret save-the-world formula. But "just because you are paranoid doesn't mean your phone isn't listening to everything you say," warned DARPA (Defense Advanced Research Projects Agency) funded researchers at the 29th Chaos Communication Congress (29C3). During Hacking Cisco Phones, the researchers demonstrated how they could remotely turn on a phone's microphone and eavesdrop from anywhere in the world. If the VoIP Cisco phone has a web cam, they could also turn that on without anyone the wiser.

This Cisco phone vulnerability would allow more than eavesdropping for espionage purposes. Columbia University Computer Science Professor Salvatore Stolfo, said, "Any government that would like to peer into the private lives of citizens could use this. This is a great opportunity to create a low-cost surveillance system that is already deployed. It's a monitoring infrastructure that's free, when you turn these into listening posts."

Columbia University Computer Science PhD candidate Ang Cui demonstrated how they easily inserted "malicious code into a Cisco VoIP phone (any of the 14 Cisco Unified IP Phone models) and start eavesdropping on private conversations—not just on the phone but also in the phone's surroundings—from anywhere in the world." A hacked phone could "then infect other phones on the same network and attack connected computers and devices such as printers." According to Cui, "We could turn a phone into a walkie-talkie that was always on by rewriting its software with 900 bytes of code. Within 10 minutes, it could then go on to compromise every other phone on its network so that you could hear everything,"

Cisco had released a patch to close the vulnerability, but the researchers said it was ineffective in stopping attackers from eavesdropping on conversations. Cui added, "We don't know of any solution to solve the systemic problem with Cisco's IP Phone firmware except for the Symbiote technology or rewriting the firmware." Now Cisco said its "A-Team is working on mitigations and a permanent patch. The company plans to issue a security advisory and a detailed mitigation document later this week." The company had also told NBC News that "all Cisco IP phones feature a hard-wired light that will alert the user whenever the microphone is active," but the researchers showed that the speaker LED light indicating the microphone is on can be made to stay dark.

Hacking Cisco phones thingp3wn3r to take over Cisco VoIP phones to remotely eavesdrop from anywhere in the world

Cisco phones run a Unix-like operating system kernel. Columbia University showed this small wired device called a "thingp3wn3r" to plug into a RJ11 serial port of a Cisco phone and download malware. The extremely long Hacking Cisco Phones, 314 slides and nearly 2GB presentation [PDF] goes in depth into the hack. The 29C3 video showed the researchers using a mobile phone to connect to the thingp3wn3r over a Bluetooth connection to remotely deliver the exploit.

Columbia University Staff Research Scientist Michael Costello pointed out that Cisco phones are used in the White House, in Air Force One, in former CIA director David Petraeus's office as well as in businesses large and small worldwide. "Having a vulnerability in a phone like this gives you ears in many skyscrapers in cities around the world," Cui stated.


Popular posts from this blog

SIP Phones Explained - Telecom Reseller

Endpoint Wars 2019 – Which is the Best Device? - UC Today

Cyber Monday: The best software deals for charities - Charity Digital News