[ISN] Hack turns the Cisco phone on your desk into a remote bugging device

From: InfoSec News <alerts_at_private>
Date: Fri, 11 Jan 2013 04:32:21 -0600 (CST)
http://arstechnica.com/security/2013/01/hack-turns-the-cisco-phone-on-your-desk-into-a-remote-bugging-device/

By Dan Goodin
Ars Technica
Jan 10 2013

Internet phones sold by Cisco Systems are vulnerable to stealthy hacks 
that turn them into remote bugging devices that eavesdrop on private 
calls and nearby conversations.

The networking giant warned of the vulnerability on Wednesday, almost 
two weeks after a security expert demonstrated how people with physical 
access to the phones could cause them to execute malicious code. Cisco 
plans to release a stop-gap software patch later this month for the 
weakness, which affects several models in the Cisco Unified IP Phone 7900 
series. The vulnerability can also be exploited remotely over corporate 
networks, although Cisco has issued workarounds to make those hacks more 
difficult.

"Cisco recognizes that while a number of network, device, and 
configuration based mitigations exist, there is no way to mitigate the 
physical attack vector on the affected devices," the company's advisory 
stated. "To this end, Cisco will conduct a phased remediation approach 
and will be releasing an intermediate Engineering Special software 
release for affected devices to mitigate known attack vectors for the 
vulnerability documented in this advisory."

The vulnerability is the latest reminder of the privacy threat posed by 
today's phones, computers, smartphones, and other network-connected 
devices. Because the devices run on software that is susceptible to 
hacking, they can often surreptitiously be turned into listening—and 
sometimes spying—vehicles that capture our business secrets or most 
intimate moments.

[...]


Received on Fri Jan 11 2013 - 02:32:21 PST
