Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Privacy Communications Security Your Rights Online

Call Interception Demonstrated On New Cisco Phones 90

Posted by Soulskill
from the can-you-hear-me-now dept.
mask.of.sanity writes "Researchers have demonstrated a series of exploits that turn Cisco IP phones into listening bugs, and could allow a denial of service attack capable of silencing a call center. It allows internal staff and competitors with a little publicly-available information to hijack the phones, wiretap calls and eavesdrop on confidential meetings. The attacks work through a sequence of exploits against the latest Cisco phones enabled to run off the shelf. Most people are vulnerable, the researchers say, because they do not harden their systems in line with recommended security requirements."
This discussion has been archived. No new comments can be posted.

Call Interception Demonstrated On New Cisco Phones

Comments Filter:
  • Security is #1 (Score:4, Insightful)

    by BoRegardless (721219) on Friday May 13, 2011 @09:10AM (#36117530)

    There have been so many security holes in all sorts of hardware and for so long, that I have to think that there is a basic failure of top management to understand and grasp the issues involved in the trust people place in their products.

    Having top managers make decisions on whether a program gets top flight security implemented from day 1 of a program's inception would be a big mistake.

    Security today ought to be #1. Ask Sony for instance, or any one of the other dozen recent companies who have failed basic updates to their servers even after the lack of updates was published publicly online.

    Sheesh. What does it take to get top management "on board".

  • Hang on (Score:4, Insightful)

    by Spad (470073) <slashdot@spad.YEATSco.uk minus poet> on Friday May 13, 2011 @09:33AM (#36117718) Homepage

    A Cisco spokesman said the networking vendor was serious about security and advised users to apply the relevant recommendations in the manual to secure their systems.
    [...]
    The weaknesses result from Cisco's reliance on web functions that gave users functions at the cost of easier penetration for hackers.
    [...]
    “The book says to shut off web services,” Wesley said

    So why the hell is Cisco shipping devices with features that they themselves recommend disabling for security reasons, unless you have specific need for them, enabled by default?

In seeking the unattainable, simplicity only gets in the way. -- Epigrams in Programming, ACM SIGPLAN Sept. 1982

Working...