Call Interception Demonstrated On New Cisco Phones 90
mask.of.sanity writes "Researchers have demonstrated a series of exploits that turn Cisco IP phones into listening bugs, and could allow a denial of service attack capable of silencing a call center. It allows internal staff and competitors with a little publicly-available information to hijack the phones, wiretap calls and eavesdrop on confidential meetings. The attacks work through a sequence of exploits against the latest Cisco phones enabled to run off the shelf. Most people are vulnerable, the researchers say, because they do not harden their systems in line with recommended security requirements."
Working with SIP is never easy (Score:3, Interesting)
I have been working on the open source softswitch FreeSWITCH http://www.freeswitch.org/ [freeswitch.org] for almost 6 years now.
During that time I have seen SIP continuously evolve to try to cover its own shortcomings which all stemmed from the simple concept of "If we base it on HTTP, we can use proxys and never have to worry about media" Of course this is not true and the amount of complexity that is put into each SIP device is much too great which is probably why Cisco prefers its own lighter "skinny" protocol. Sadly they own Sipura and Linksys and have SIP on their devices using countless hacks that make interop a nightmare. I am sure you can do many of these same attacks on any brand of phone. There are much better reasons out there to curse Cisco for being involved in VoIP. =D
This is very old (Score:4, Interesting)
Cisco IP phones are not designed to be secure out of the box. They periodically connect to an unsecured FTP site to download firmware and unencrypted password text files. They use DHCP to determine the FTP site and the phone directory. The phones accept remote commands that allow you to control them: push any button, dial calls, turn on/off the speakerphone, etc. Back in 2005 I worked in an office and we had fun telneting to each other's phones and making them quack or display funny messages or other such nonsense. The articles are light on details but it sounds like nothing has changed.