Cisco IP phones vulnerable to eavesdropping

by Jan Harris
November 29, 2007 VoIP 1

Cisco’s 7900 Series of IP phones has been shown to have a vulnerability in the Extension Mobility feature, which a hacker could exploit to eavesdrop on calls.

Extension Mobility allows users to configure a Cisco IP phone as their own. When the feature is enabled it fails to encrypt signalling communications between a device and an internal web server.

This could allow a hacker to access authentication credentials which could then be used to cut off users or eavesdrop on streaming media connections associated with calls.

However, although such an attack is theoretically possible, it would only succeed if the hacker already had valid Extension Mobility authentication credentials, together with access to a targeted network.

A greater danger could come from internal attacks. A successful attack on the vulnerability would leave a noise on the wire, and would also produce static noise on the phone while the attack was in progress.

The flaw was discovered by researcher Joffrey Czarney of Telindus, who presented a paper on his research at the Hack.Lu 2007 security conference, which was held in Luxemboug last month.

Add to Bookmarks:

ADD TO DEL.ICIO.US ADD TO DIGG ADD TO FURL

ADD TO STUMBLEUPON ADD TO YAHOO MYWEB ADD TO GOOGLE ADD TO SPURL


Daily VoIP News Digest		Thursday 20th of November 2008
Main: Home News Blog VoIP Categories: General VoIP VoIP Networks VoIP Phones VoIP Resources VoIP Technology VoIP Info VoIP Security News archives: November 2008 October 2008 September 2008 August 2008 July 2008 June 2008 May 2008 April 2008 March 2008 February 2008 January 2008 December 2007 November 2007 October 2007 September 2007 August 2007 July 2007 June 2007 May 2007 April 2007 March 2007 February 2007 January 2007 December 2006 November 2006 December 2005 November 2005 October 2005 July 2005 June 2005 May 2005 April 2005 March 2005 January 2005 More: Business Phones Cameras	Cisco IP phones vulnerable to eavesdropping by Jan Harris November 29, 2007 Cisco’s 7900 Series of IP phones has been shown to have a vulnerability in the Extension Mobility feature, which a hacker could exploit to eavesdrop on calls. Extension Mobility allows users to configure a Cisco IP phone as their own. When the feature is enabled it fails to encrypt signalling communications between a device and an internal web server. This could allow a hacker to access authentication credentials which could then be used to cut off users or eavesdrop on streaming media connections associated with calls. However, although such an attack is theoretically possible, it would only succeed if the hacker already had valid Extension Mobility authentication credentials, together with access to a targeted network. A greater danger could come from internal attacks. A successful attack on the vulnerability would leave a noise on the wire, and would also produce static noise on the phone while the attack was in progress. The flaw was discovered by researcher Joffrey Czarney of Telindus, who presented a paper on his research at the Hack.Lu 2007 security conference, which was held in Luxemboug last month. Add to Bookmarks: Related posts to "Cisco IP phones vulnerable to eavesdropping": VoIP security solutions from Cisco ... Cisco tackles security threat ... Businesses neglect Wi-fi and VoIP security ... Linskys Launches iPhone ... VOIP and Cisco ... No Comments » No comments yet. Leave a comment Name (required) Mail (will not be published) (required) Website Please add 0 and 8 Previous: « iBasis upgrades Pingo VoIP service Next: SoliCall’s PBXMate reduces background noise on VoIP » Visited 1182 times, 2 so far today	General VoIP Nimbuzz signs 17 SIP partners VoIP Phones Vopium launched on BlackBerry VoIP Technology Faster VoIP Connections From 8el VoIP Networks Vopium launched on BlackBerry snom launches 820 VoIP business phone VoIP Security Cisco releases patches for VoIP products Latest News: Faster VoIP Connections From 8el Nimbuzz signs 17 SIP partners Fluke adds VoIP to MetroScope NETPark Net adopts unified comms from Communigate Mu Dynamics secures Internet Telephony Excellence Award Nimbuzz Gives Social Networks Outside Communications Cheap Video Conferencing With Skype Skype toolbar optimised for Salesforce CRM Richard Huish College Keeps Tutors in Touch Vaioni offers hosted VoIP for £6 Most Read News Today: Faster VoIP Connections From 8el Nimbuzz signs 17 SIP partners NexTone and Springboard collaborate on VoIP Billing Nimbuzz gets $15 million shot in the arm Fluke adds VoIP to MetroScope Nimbuzz Gives Social Networks Outside Communications Skype toolbar optimised for Salesforce CRM NETPark Net adopts unified comms from Communigate VOIspeed launches new telephony packages VoIP forum Most Read News To Date: Vyke launches free mobile text messages VoIP forum NexTone and Springboard collaborate on VoIP Billing SIPtap software can eavesdrop on VoIP calls World Phone unveils VoIP plans in India Touchmods hack brings VoIP to iPod Touch Imminent release of 3 Mobile's Skype phone Ooma provides free phone calls over broadband Trial download of NoiseFree VoIP FreshTel provides VoIP products in ASDA UK Will bonded ADSL see bigger take-up?
VoIP News © 2005-2008. All rights reserved \| About \| Disclaimer \| Privacy \| XML Feed \| Contact

Main:

VoIP Categories:

News archives:

More:

Cisco IP phones vulnerable to eavesdropping

Related posts to "Cisco IP phones vulnerable to eavesdropping":

Leave a comment

General VoIP

VoIP Phones

VoIP Technology

VoIP Networks

VoIP Security

Latest News:

Most Read News Today:

Most Read News To Date: