Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Privacy Communications Security Your Rights Online

Call Interception Demonstrated On New Cisco Phones 90

mask.of.sanity writes "Researchers have demonstrated a series of exploits that turn Cisco IP phones into listening bugs, and could allow a denial of service attack capable of silencing a call center. It allows internal staff and competitors with a little publicly-available information to hijack the phones, wiretap calls and eavesdrop on confidential meetings. The attacks work through a sequence of exploits against the latest Cisco phones enabled to run off the shelf. Most people are vulnerable, the researchers say, because they do not harden their systems in line with recommended security requirements."
This discussion has been archived. No new comments can be posted.

Call Interception Demonstrated On New Cisco Phones

Comments Filter:
  • by Anonymous Coward
    Do we need any more evidence that 'enterprise level' is nothing more than a euphemism for 'poorly understood clusterfuck' ?
    • by fuzzyfuzzyfungus ( 1223518 ) on Friday May 13, 2011 @10:15AM (#36117566) Journal
      Your ill-understood slander of Enterprise Solutions will not be tolerated.

      Any two-bit neckbeard with a sourceforge account can create a "poorly understood clusterfuck."

      However, only by leveraging the organizational synergies of a corporation committed to customer-centric excellence across multiple value centers is it possible to create a "poorly understood clusterfuck" backed by overpriced consultants, soporific slide decks, documentation that addresses the hypothetical case of a 50,000 seat installation across hundreds of multinational satellite sites; but fails to have any useful information on why some critical service leaks memory and needs to be restarted every 18 hours, a custom set of Vizio(tm) objects that allows middle managers and Certified Solution Architects to emulate understanding of the system with impressive graphical flourishes, and a mandatory "maintenance contract" that makes you eligible to pay a per-incident fee to have some poor dude in Hyderabad read a script at you.

      Freetards, they just don't understand the value of good commercial Solutions.
      • by Zerth ( 26112 )

        It'd be awesome if companies would just put the script they give the guys in Hyderabad on the web so I can read through it myself.

        That would help me avoid calling, as well as plan my responses when I do call to minimize the time to reach somebody who has actually used the product.

      • by Sarten-X ( 1102295 ) on Friday May 13, 2011 @10:41AM (#36117808) Homepage

        Thank you for calling Enterprise Grammar Solutions. Your business is important to us. We understand that you have a choice of grammar Nazis, and we thank you for choosing to read our post. All of our operators are busy at the moment, so please remain on the line until a qualified operator is available to assist you.


        Thank you for calling Enterprise Grammar Solutions. Your business is important to us. We understand that you have a choice of grammar Nazis, and we thank you for choosing to read our post. All of our operators are busy at the moment, so please remain on the line until a qualified operator is available to assist you.


        Shenk you far callink Eenterprice Grummar Solootions. Moy nam is "Jason". How cane I be helpink you today?

        I see you are havink a service agreement with us. Zees ees very good. I will be transferrink you now to "second-tier support". Thank you for callink us today. Goodbye.


        Thank you for calling Enterprise Grammar Solutions. Your business is important to us. We understand that you have a choice of grammar Nazis, and we thank you for choosing to read our post. All of our operators are busy at the moment, so please remain on the line until a qualified operator is available to assist you.


        Entaprise Gramma Solutions. This is Bob. What can I do for ya?

        All-righty. Ye've got yerself a nice little post there. Now, that there semicolon in your third paragraph should be a comma. That's it. Now, according to this here agreement, you'll be billed $99.95 for this call. Thanks for callin'.

        • That's not tier 2 support! That's straight off the "reboot your paragraph" script they give to the first-line flunkies. From [] --

          As a strong comma, [the semicolon] can be used to provide strong separation of two independent clauses with a coordinating conjunction (normally, a comma provides this separation) or to separate a series of phrases or clauses with internal commas.

          (emphasis mine).

          The clause preceding the semicolon has a numbe

          • you're saying that Enterprise Grammar Solutions is as functional as any other "enterprise" solution?
      • Oh, that explains how Skype was worth $8.5 billion.
      • "Enterprise Solutions"
        "leveraging the organizational synergies"
        "customer-centric excellence"
        "value centers"
        "Certified Solution Architects"

        My marketing/buzzword BS meter just caught fire after reading this.

      • Let's stop bein disingenous here. This article is about Cisco. If you purchase and maintain a Cisco SmartNet contract on a piece of equipement then you can call (toll-free) into TAC (technical assistance center) and speak directly with an engineer who probably knows more about IOS then you could dare to learn in a lifetime. This engineer will then usually be able to immedietely connect to your device and fix the problem. No other company has had better support and I do this for a living.
        • by swalve ( 1980968 )
          I agree. I am very impressed with the detail and rigor that goes into the Cisco training. I haven't seen anything close to it since the old Compaq x000 series of Proliants was introduced, or the older HP Laserjets, where the manuals were delightfully Apple II-like. Imagine, teaching people EVERYTHING about a system.
    • by Anonymous Coward

      My naive inexperienced self presume 'Enterprise' to mean rock-solid, if not crufty software like Solaris, AIX, etc. Not shiny by any stretch of the imagination, but solid.

      Now I know the truth, that by and large 'Enterprise' software is entirely convoluted fragile pieces of crap that mandates large amounts of work to maintain. They do not win because of quality, they win based on smoozing salespeople and executives and/or architects intentionally sabotaging things for the sake of job security.

    • by pushing-robot ( 1037830 ) on Friday May 13, 2011 @10:27AM (#36117674)

      I dunno; when you go to and click on Enterprise, you're presented with the line:

      "Break down barriers to reach people and information wherever and whenever you need them."

      Sounds like they understand it perfectly.

  • Security is #1 (Score:4, Insightful)

    by BoRegardless ( 721219 ) on Friday May 13, 2011 @10:10AM (#36117530)

    There have been so many security holes in all sorts of hardware and for so long, that I have to think that there is a basic failure of top management to understand and grasp the issues involved in the trust people place in their products.

    Having top managers make decisions on whether a program gets top flight security implemented from day 1 of a program's inception would be a big mistake.

    Security today ought to be #1. Ask Sony for instance, or any one of the other dozen recent companies who have failed basic updates to their servers even after the lack of updates was published publicly online.

    Sheesh. What does it take to get top management "on board".

    • The cost of doing business is rarely the price of doing business.
      • "The cost of doing business is rarely the price of doing business."

        Very good point. Warren Buffett noted "Price is what you pay; Value is what you get"

        For managers who slack on security, "Security Cost is what you pinch on; crisis is what you get"

    • by swalve ( 1980968 )
      This is what you get when you put "operating systems" on things like toasters, telephones and gas pedals, rather than purpose built firmware. We will figure it out eventually, I hope.
  • by Lumpy ( 12016 ) on Friday May 13, 2011 @10:10AM (#36117532) Homepage

    Glad I only run cisco phones that are outdated and run a SIP firmware.

    Cisco makes great hardware, but their phone system software (and pricing) utterly sucks. I am doing things with asterisk here at the office that makes the cisco rep's jaw drop.

    • by Greyfox ( 87712 )
      You forgot to mention you work at
  • Hang on (Score:4, Insightful)

    by Spad ( 470073 ) <slashdot.spad@co@uk> on Friday May 13, 2011 @10:33AM (#36117718) Homepage

    A Cisco spokesman said the networking vendor was serious about security and advised users to apply the relevant recommendations in the manual to secure their systems.
    The weaknesses result from Cisco's reliance on web functions that gave users functions at the cost of easier penetration for hackers.
    “The book says to shut off web services,” Wesley said

    So why the hell is Cisco shipping devices with features that they themselves recommend disabling for security reasons, unless you have specific need for them, enabled by default?

    • by Klync ( 152475 )

      I don't want to defend Cisco's laziness here, but there is a sort of logic to what they do - especially given all the VAR's that end up deploying these systems: the hardware / software is shipped so that it's easiest to deploy out of the box. A phone installation can go wrong in so many different places, it helps in troubleshooting and remote management to have everything open by default, and then start locking things down once it's running. This approach has obvious flaws, but the alternative would be a ni

      • Actually, the reason it's so hard to determine the problem is because everything is active. If a system is in locked down status to begin with, you have an easier time figuring out the problem because you only need to work on (1) One issue at a time. Much nicer. Of course it would also help if they'd create a product where the basic functionality worked out of the box and didn't depend on so many proprietary techs.

        • I suspect you and the OP have no actual experience with the system, so I'll say the following:

          -No engineer I know enables more services than we need. Only inexperienced engineers who don't know what service does what activates them all.
          -Troubleshooting isn't as difficult as you make it to be. CUCM includes very detailed logging facilities, the trick is knowing how to read them.
          -VoIP security, specifically with CUCM, in my experience is rarely implemented. It's not as big of a problem as this article makes i

    • You pegged my irony meter. Now it's broken.

      Hey-- Microsoft just bought Skype! You can use that instead, right?

      (now ducking)

  • There's a phone just like the one in that pic on my desk.

    • Scary...

      Our city council deploys similar IP phones from Nortel Networks - are they vulnerable, too, I wonder? Fortunately, their physical security is pretty damn good, they seem to know damn well that I'll abuse Ethernet ports if given half a chance, so finding out isn't an option for me...

      • I'm not actually worried about external hacking, our corporate IT isn't totally incompetent. I am just less than pleased that my employer themselves can potentially listen to me through my phone even when I am not using it.

  • by anthm ( 894202 ) on Friday May 13, 2011 @10:40AM (#36117794) Homepage Journal

    I have been working on the open source softswitch FreeSWITCH [] for almost 6 years now.
    During that time I have seen SIP continuously evolve to try to cover its own shortcomings which all stemmed from the simple concept of "If we base it on HTTP, we can use proxys and never have to worry about media" Of course this is not true and the amount of complexity that is put into each SIP device is much too great which is probably why Cisco prefers its own lighter "skinny" protocol. Sadly they own Sipura and Linksys and have SIP on their devices using countless hacks that make interop a nightmare. I am sure you can do many of these same attacks on any brand of phone. There are much better reasons out there to curse Cisco for being involved in VoIP. =D

  • 1. Does your system use software?
    2. Is it connected to a network, or does it have any kind of outward-facing attack surface?
    3. Is it an embedded system?
    4. Is it based on Windows?
    5. Is it based on another commercial OS?
    6. Does it use a significant number of standard libraries?
    7. Is it proprietary, or has it /not/ been subject to significant public attack/repair/analysis.
    8. Does it handle any kind of sensitive data, have a microphone that could overhear things, or is it connected to a network that has other k

    • I agree. There is nothing new here and the reactions seen in the comments are precisely why I cannot frequent this site anymore.

  • \ I read the article and it provides no details on the exploit(s). How are we supposed to know if a system is vulnerable, let alone what configuration changes are required to harden security? The article links to the original Slashdot submission, which links to the article... which came first, and where is the original source?
  • There's no details about anything in that article. Aside from the single picture of one 7975 phone showing RickRolled, it doesn't list vulnerable phone models at all. (Also strange is that the 7975 is a model that doesn't handle video calls on the phone itself, so I'm not sure how a video is playing on it). Despite that, the summary here on Slashdot tells everyone that Cisco's 7900 series of phones is vulnerable with the link given for its "Latest IP Phones". There's more models of phones that Cisco makes .

  • This is very old (Score:4, Interesting)

    by MobyDisk ( 75490 ) on Friday May 13, 2011 @12:00PM (#36118980) Homepage

    Cisco IP phones are not designed to be secure out of the box. They periodically connect to an unsecured FTP site to download firmware and unencrypted password text files. They use DHCP to determine the FTP site and the phone directory. The phones accept remote commands that allow you to control them: push any button, dial calls, turn on/off the speakerphone, etc. Back in 2005 I worked in an office and we had fun telneting to each other's phones and making them quack or display funny messages or other such nonsense. The articles are light on details but it sounds like nothing has changed.

    • by Anonymous Coward

      I had great fun in medical residency on slow days making the (completely unsecured) Cisco IP phones burp, fart, talk, scream, etc., in the hospital. Of course, this same hospital was dependent on portable communications (cordless IP phones, etc) secured with WEP. Of course, anyone with an iPod in their pocket could shut the entire thing down just by spamming control packets. At one point, I had my laptop in my call room and fired up Backtrack to sniff the network. By 9AM I'd cracked every one of their wirel

  • VoIP systems can be compromised/abused? I intercept calls at work ("... for quality assurance and monitoring purposes ..."); if that system was compromised [] someone could certainly demonstrate call interception on a two-bit Asterisk/Polycom setup too.

  • Could it be used against telemarketers? Please?

"The one charm of marriage is that it makes a life of deception a neccessity." - Oscar Wilde