Call Interception Demonstrated On New Cisco Phones

← Back to Stories (view on slashdot.org)

Call Interception Demonstrated On New Cisco Phones

Posted by Soulskill on Friday May 13, 2011 @02:00AM from the can-you-hear-me-now dept.

mask.of.sanity writes "Researchers have demonstrated a series of exploits that turn Cisco IP phones into listening bugs, and could allow a denial of service attack capable of silencing a call center. It allows internal staff and competitors with a little publicly-available information to hijack the phones, wiretap calls and eavesdrop on confidential meetings. The attacks work through a sequence of exploits against the latest Cisco phones enabled to run off the shelf. Most people are vulnerable, the researchers say, because they do not harden their systems in line with recommended security requirements."

15 of 90 comments (clear)

Min score:

Reason:

Sort:

Security is #1 by BoRegardless · 2011-05-13 02:10 · Score: 3, Insightful

There have been so many security holes in all sorts of hardware and for so long, that I have to think that there is a basic failure of top management to understand and grasp the issues involved in the trust people place in their products.
Having top managers make decisions on whether a program gets top flight security implemented from day 1 of a program's inception would be a big mistake.
Security today ought to be #1. Ask Sony for instance, or any one of the other dozen recent companies who have failed basic updates to their servers even after the lack of updates was published publicly online.
Sheesh. What does it take to get top management "on board".
1. Re:Security is #1 by BoRegardless · 2011-05-13 02:36 · Score: 2
  
  "The cost of doing business is rarely the price of doing business."
  Very good point. Warren Buffett noted "Price is what you pay; Value is what you get"
  For managers who slack on security, "Security Cost is what you pinch on; crisis is what you get"
WHEW! by Lumpy · 2011-05-13 02:10 · Score: 2

Glad I only run cisco phones that are outdated and run a SIP firmware.
Cisco makes great hardware, but their phone system software (and pricing) utterly sucks. I am doing things with asterisk here at the office that makes the cisco rep's jaw drop.

--
Do not look at laser with remaining good eye.
1. Re:WHEW! by Greyfox · 2011-05-13 02:37 · Score: 2
  
  You forgot to mention you work at www.asteriskporn.com...
  
  --
  I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
2. Re:WHEW! by Lumpy · 2011-05-13 02:47 · Score: 2
  
  Auto forwarding users call to their cellphones if they are in the office or not.
  Get up and leave the building, when your cellphone can no longer be seen via BT it forwards your calls to your cellphone. returns to your desk phone when you return. nothing for you to do. it's all automatic.
  And then we have the telemarketer incoming call hell... anyone can transfer a call they receive to extension 8000. it puts that caller into a virtual "person" that plays back a random audio file ever time the other side stops talking based on silence detection... "yeah", "tell me more", what other features?", "ok", "yes", "just a minute".... also it blacklists that number to never ring a phone but go directly to the general voicemail box.
  Also least cost routing is a LOT easier. I route calls to land line outgoing if we have an office at that location, it goes across the T1 to that office and out their POP. we dropped long distance costs by 80% over the past 6 years we have done this. Plus I can run a 200 phone office location on a single low end server that costs LESS than the licensing cost for a cisco 50 phone deployment. Multiple stand alone system that inter-tie work Fantastic. plus net outages don't make a satellite office useless unlike a centralized Cisco setup.
  
  --
  Do not look at laser with remaining good eye.
3. Re:WHEW! by citylivin · 2011-05-13 05:14 · Score: 2
  
  Apparently, there is no central configuration for the phones (hardware) and all the phones need to be locally configured. That is just what i have heard about asterisk VS ccm. Because asterisk is all orientated towards POTS line cards and not IP phones. It was designed as an analog system, with some digital tacked onto it as an after thought. Meanwhile the new cisco call manager has polished their SIP support (i have heard, we dont have it yet) so that most things that you need SCCP for have now been reimplemented in SIP on ccm.
  For instance, how would you centrally assign multiple lines to a phone? hand edit every xml file on the tftp server? your gonna do that for 2000 phones?
  Of course im not an asterisk expert, but I am a collector of anecdotes. Cisco Call manager has been pretty rock solid for us. I cant even remember any major issue in the last 5 years.
  
  --
  As a potential lottery winner, I totally support tax cuts for the wealthy
Re:Enterprise Systems by fuzzyfuzzyfungus · 2011-05-13 02:15 · Score: 5, Funny

Your ill-understood slander of Enterprise Solutions will not be tolerated.

Any two-bit neckbeard with a sourceforge account can create a "poorly understood clusterfuck."

However, only by leveraging the organizational synergies of a corporation committed to customer-centric excellence across multiple value centers is it possible to create a "poorly understood clusterfuck" backed by overpriced consultants, soporific slide decks, documentation that addresses the hypothetical case of a 50,000 seat installation across hundreds of multinational satellite sites; but fails to have any useful information on why some critical service leaks memory and needs to be restarted every 18 hours, a custom set of Vizio(tm) objects that allows middle managers and Certified Solution Architects to emulate understanding of the system with impressive graphical flourishes, and a mandatory "maintenance contract" that makes you eligible to pay a per-incident fee to have some poor dude in Hyderabad read a script at you.

Freetards, they just don't understand the value of good commercial Solutions.
Re:Enterprise Systems by pushing-robot · 2011-05-13 02:27 · Score: 3, Funny

I dunno; when you go to Cisco.com and click on Enterprise, you're presented with the line:
"Break down barriers to reach people and information wherever and whenever you need them."
Sounds like they understand it perfectly.

--
How can I believe you when you tell me what I don't want to hear?
Hang on by Spad · 2011-05-13 02:33 · Score: 3, Insightful

A Cisco spokesman said the networking vendor was serious about security and advised users to apply the relevant recommendations in the manual to secure their systems.
[...]
The weaknesses result from Cisco's reliance on web functions that gave users functions at the cost of easier penetration for hackers.
[...]
“The book says to shut off web services,” Wesley said
So why the hell is Cisco shipping devices with features that they themselves recommend disabling for security reasons, unless you have specific need for them, enabled by default?
1. Re:Hang on by fast+turtle · 2011-05-13 03:17 · Score: 2
  
  Actually, the reason it's so hard to determine the problem is because everything is active. If a system is in locked down status to begin with, you have an easier time figuring out the problem because you only need to work on (1) One issue at a time. Much nicer. Of course it would also help if they'd create a product where the basic functionality worked out of the box and didn't depend on so many proprietary techs.
  
  --
  Mod me up/Mod me down: I wont frown as I've no crown
2. Re:Hang on by wiedzmin · 2011-05-13 04:56 · Score: 2
  
  I'm grateful they give the customer the chance to evaluate their own security risks and choose between security and function.
  Disabling the features by default, does not take away the customer's ability to evaluate their own security risks and enable what they need. Enabling everything by default is a bad practice, it puts all but the most experienced customers in harm's way. Ever heard of a security concept called 'implicit deny'?
  
  --
  Bow before me, for I am root.
Working with SIP is never easy by anthm · 2011-05-13 02:40 · Score: 3, Interesting

I have been working on the open source softswitch FreeSWITCH http://www.freeswitch.org/ for almost 6 years now.
During that time I have seen SIP continuously evolve to try to cover its own shortcomings which all stemmed from the simple concept of "If we base it on HTTP, we can use proxys and never have to worry about media" Of course this is not true and the amount of complexity that is put into each SIP device is much too great which is probably why Cisco prefers its own lighter "skinny" protocol. Sadly they own Sipura and Linksys and have SIP on their devices using countless hacks that make interop a nightmare. I am sure you can do many of these same attacks on any brand of phone. There are much better reasons out there to curse Cisco for being involved in VoIP. =D
Re:Enterprise Systems by Sarten-X · 2011-05-13 02:41 · Score: 3, Funny

Thank you for calling Enterprise Grammar Solutions. Your business is important to us. We understand that you have a choice of grammar Nazis, and we thank you for choosing to read our post. All of our operators are busy at the moment, so please remain on the line until a qualified operator is available to assist you.
...
Thank you for calling Enterprise Grammar Solutions. Your business is important to us. We understand that you have a choice of grammar Nazis, and we thank you for choosing to read our post. All of our operators are busy at the moment, so please remain on the line until a qualified operator is available to assist you.
...
Shenk you far callink Eenterprice Grummar Solootions. Moy nam is "Jason". How cane I be helpink you today?
I see you are havink a service agreement with us. Zees ees very good. I will be transferrink you now to "second-tier support". Thank you for callink us today. Goodbye.
...
Thank you for calling Enterprise Grammar Solutions. Your business is important to us. We understand that you have a choice of grammar Nazis, and we thank you for choosing to read our post. All of our operators are busy at the moment, so please remain on the line until a qualified operator is available to assist you.
...
Entaprise Gramma Solutions. This is Bob. What can I do for ya?
All-righty. Ye've got yerself a nice little post there. Now, that there semicolon in your third paragraph should be a comma. That's it. Now, according to this here agreement, you'll be billed $99.95 for this call. Thanks for callin'.

--
You do not have a moral or legal right to do absolutely anything you want.
This is very old by MobyDisk · 2011-05-13 04:00 · Score: 3, Interesting

Cisco IP phones are not designed to be secure out of the box. They periodically connect to an unsecured FTP site to download firmware and unencrypted password text files. They use DHCP to determine the FTP site and the phone directory. The phones accept remote commands that allow you to control them: push any button, dial calls, turn on/off the speakerphone, etc. Back in 2005 I worked in an office and we had fun telneting to each other's phones and making them quack or display funny messages or other such nonsense. The articles are light on details but it sounds like nothing has changed.
Re:Great by DinDaddy · 2011-05-13 04:11 · Score: 2

I'm not actually worried about external hacking, our corporate IT isn't totally incompetent. I am just less than pleased that my employer themselves can potentially listen to me through my phone even when I am not using it.