The Cisco Phone in the Boardroom Eavesdrops on Private Talks
Just because you are paranoid doesn't mean your phone isn't listening to everything you say
At the 29th Chaos Communication Congress, researchers Ang Cui and Michael Costello made public a proof of concept showing how critical kernel vulnerabilities in Cisco Native Unix can be exploited to transform all Cisco Unified IP Phones 7900 Series in a network into remote bugging devices.
This allows attackers to compromise the firmware of the Cisco IP Phone in boardrooms or on employees' office desks to eavesdrop on private conversations. The researchers at Columbia University managed to activate the IP Phone microphone without lifting the handset, and to remotely listen to conversations.
“We demonstrate practical covert surveillance using constant, stealthy exfiltration of microphone data via a number of covert channels,” explain the researchers behind the Hacking Cisco Phones project. “We discuss the feasibility of our attacks given physical access, internal network access and remote access across the internet,” they add.
Cisco was immediately informed of the vulnerability and issued an advisory on Wednesday detailing the bug. The advisory reads: “An attacker could exploit this issue by gaining local access to the device using physical access or authenticated access using SSH and executing an attacker-controlled binary that is designed to exploit the issue. Such an attack would originate from an unprivileged context.”
Cisco used the security advisory to offer customers with vulnerable IP phones a temporary solution until the permanent patch, scheduled for January 21st.