1 min read

The Cisco Phone in the Boardroom Eavesdrops on Private Talks

Loredana BOTEZATU

January 11, 2013

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
The Cisco Phone in the Boardroom Eavesdrops on Private Talks

Just because you are paranoid doesn`t mean your phone isn`t listening to everything you say

At the 29th Chaos Communication Congress, researchers Ang Cui and Michael Catello made public a proof of concept on how critical kernel vulnerabilities in Cisco Native Unix can be exploited to transform all Cisco Unified IP Phones 7900 Series in a network into remote bugging devices.

 

This basically allows attackers to compromise the firmware of the Cisco IP Phone in boardrooms or on employees` office desks to eavesdrop on private conversations. The researchers at Columbia University managed to activate the IP Phone microphone without lifting the handset, and to remotely listen to conversations.

“We demonstrate practical covert surveillance using constant, stealthy exfiltration of microphone data via a number of covert channels.” explain the researchers behind the Hacking Cisco Phones project. “We discuss the feasibility of our attacks given physical access, internal network access and remote access across the internet.” they add.

Cisco was immediately informed of the vulnerability and issued an advisory on Wednesday detailing the bug. Their advisory reads “An attacker could exploit this issue by gaining local access to the device using physical access or authenticated access using SSH and executing an attacker-controlled binary that is designed to exploit the issue. Such an attack would originate from an unprivileged context.”

Cisco used the security advisory to offer a temporary solution to customers handling vulnerable IP phones until the permanent patch scheduled for January 21st.

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Man who "scraped and sold 178 million users' data" is sued by Facebook Man who "scraped and sold 178 million users' data" is sued by Facebook
Graham CLULEY

October 26, 2021

2 min read
Microsoft Teams Rolls Out End-to-End Encryption Microsoft Teams Rolls Out End-to-End Encryption
Silviu STAHIE

October 25, 2021

1 min read
Stay Updated to Keep Ahead of Cyber Threats – Updating Chameleon Explains Stay Updated to Keep Ahead of Cyber Threats – Updating Chameleon Explains
Filip TRUȚĂ

October 25, 2021

2 min read