Cisco IP phones vulnerable to eavesdropping

by Jan Harris
November 29, 2007

Cisco’s 7900 Series of IP phones has been shown to have a vulnerability in the Extension Mobility feature, which a hacker could exploit to eavesdrop on calls.

Extension Mobility allows users to configure a Cisco IP phone as their own. When the feature is enabled it fails to encrypt signalling communications between a device and an internal web server.

This could allow a hacker to access authentication credentials which could then be used to cut off users or eavesdrop on streaming media connections associated with calls.

However, although such an attack is theoretically possible, it would only succeed if the hacker already had valid Extension Mobility authentication credentials, together with access to a targeted network.

A greater danger could come from internal attacks. A successful attack on the vulnerability would leave a noise on the wire, and would also produce static noise on the phone while the attack was in progress.

The flaw was discovered by researcher Joffrey Czarney of Telindus, who presented a paper on his research at the Hack.Lu 2007 security conference, which was held in Luxemboug last month.


Daily VoIP News Digest		Wednesday 10th of March 2010
Main: Home News Blog VoIP Categories: General VoIP VoIP Networks VoIP Phones VoIP Resources VoIP Technology VoIP Info VoIP Security News archives: March 2010 February 2010 January 2010 December 2009 November 2009 October 2009 September 2009 August 2009 July 2009 June 2009 May 2009 April 2009 March 2009 February 2009 January 2009 December 2008 November 2008 October 2008 September 2008 August 2008 July 2008 June 2008 May 2008 April 2008 March 2008 February 2008 January 2008 December 2007 November 2007 October 2007 September 2007 August 2007 July 2007 June 2007 May 2007 April 2007 March 2007 February 2007 January 2007 December 2006 November 2006 December 2005 November 2005 October 2005 July 2005 June 2005 May 2005 April 2005 March 2005 January 2005	Cisco IP phones vulnerable to eavesdropping by Jan Harris November 29, 2007 Cisco’s 7900 Series of IP phones has been shown to have a vulnerability in the Extension Mobility feature, which a hacker could exploit to eavesdrop on calls. Extension Mobility allows users to configure a Cisco IP phone as their own. When the feature is enabled it fails to encrypt signalling communications between a device and an internal web server. This could allow a hacker to access authentication credentials which could then be used to cut off users or eavesdrop on streaming media connections associated with calls. However, although such an attack is theoretically possible, it would only succeed if the hacker already had valid Extension Mobility authentication credentials, together with access to a targeted network. A greater danger could come from internal attacks. A successful attack on the vulnerability would leave a noise on the wire, and would also produce static noise on the phone while the attack was in progress. The flaw was discovered by researcher Joffrey Czarney of Telindus, who presented a paper on his research at the Hack.Lu 2007 security conference, which was held in Luxemboug last month. Related posts to "Cisco IP phones vulnerable to eavesdropping": VoIP security solutions from Cisco Cisco tackles security threat Businesses neglect Wi-fi and VoIP security Cisco releases patches for VoIP products Linskys Launches iPhone No Comments » No comments yet. Leave a comment Name (required) Mail (will not be published) (required) Website Please add 0 and 8 Previous: « iBasis upgrades Pingo VoIP service Next: SoliCall’s PBXMate reduces background noise on VoIP » Visited 2273 times, 1 so far today	General VoIP ASC Telecom to demo VoIP recording solution at UC Expo VoIP Phones snom releases list of gold and platinum distributors VoIP Technology ASC Telecom to demo VoIP recording solution at UC Expo VoIP Networks snom releases list of gold and platinum distributors LG embeds Argela’s VoIP solution in handset VoIP Security Phone Power deploys Acme Packet’s SBCs Latest News: ASC Telecom to demo VoIP recording solution at UC Expo eUKhost Ltd launches dedicated VoIP hosting services ipcortex upgrades VoIPCortex platform IP Telephony Shows Strong Market Growth xG talks to FCC & Congress about spectrum improvement options Cloud Net Appoints New Sales and Marketing Director Timico to participate in Convergence Summit Hosted Telephony Shoot Out Shoretel partners with BSTechnologies in Abu Dhabi snom releases list of gold and platinum distributors LG embeds Argela’s VoIP solution in handset Most Read News Today: UC Testbook simplifies VoIP installation VoIP Testing eUKhost Ltd launches dedicated VoIP hosting services ipcortex upgrades VoIPCortex platform IP Telephony Shows Strong Market Growth snom first with TR-069 standard for VoIP management Nottinghamshire NHS installs VoIP communications 5 offers embedded TV shows Truphone integrates AIM into iPhone app Vopium expanding in Europe Most Read News To Date: NexTone and Springboard collaborate on VoIP Billing Vyke launches free mobile text messages VoIP forum SIPtap software can eavesdrop on VoIP calls Touchmods hack brings VoIP to iPod Touch World Phone unveils VoIP plans in India Ooma provides free phone calls over broadband Imminent release of 3 Mobile's Skype phone Trial download of NoiseFree VoIP Nimbuzz gets $15 million shot in the arm Will bonded ADSL see bigger take-up?
VoIP News © 2005-2010. All rights reserved \| About \| Disclaimer \| Privacy \| XML Feed \| Contact

Main:

VoIP Categories:

News archives:

Cisco IP phones vulnerable to eavesdropping

Related posts to "Cisco IP phones vulnerable to eavesdropping":

Leave a comment

General VoIP

VoIP Phones

VoIP Technology

VoIP Networks

VoIP Security

Latest News:

Most Read News Today:

Most Read News To Date: