Cisco IP phone hacked into bugging device

Ever get the feeling that somebody else is listening to your conversations at work? Does that Cisco IP phone sitting at your desk seem a bit creepy to you?

Well, you probably need professional psychiatric help then…

Just kidding. Not really. Maybe.

Recently, at the 29th Chaos Communication Congress (29C3), a pair of very smart engineers from Columbia University presented a talk on how to exploit a vulnerability in the kernel code of Cisco Unified IP Phones 7900 Series version 9.3(1)SR1 (and prior).

The attack involves attaching a device to the Cisco phone’s serial port and injecting malware that gives the attacker control of the phone. The attacker can then turn on the phone’s microphone without being noticed and stealthily eavesdrop on phone conversations.

Cisco is said to be working on another patch (an earlier one evidently didn’t work to close this vulnerability):

Cisco has not released fixed software at this time. Cisco anticipates releasing an Engineering Special the week of January 21, which is focused on closing known attack vectors for the vulnerability documented in this advisory.

When considering software upgrades, customers are advised to consult the Cisco Security Advisories and Responses archive at and review subsequent advisories to determine exposure and a complete upgrade solution.

In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Some of you may not be too worried about this attack since it requires physical access to the phone in order to attach the malware device with the payload.

But ask yourself, how physically secure are your phones? And how secure are your premises? Do you know who the disgruntled employees are? Do you know who the janitors are? Do you know where the visitors are at all times?

Cisco is also the top vendor for IP phones worldwide. They are the equivalent of Windows in the IP telephony space, i.e. the most attractive target to hackers.

Get ready for more of these types of hacks in today’s brave new world of IP telephony.

