Security researchers find vulnerability in Cisco VoIP phones

Dec 19, 2012 by Bob Yirka report
Computer scientists find vulnerabilities in Cisco VoIP phones
Columbia Engineering's computer science Ph.D. candidate Ang Cui designed this device to plug into a Cisco phone and download malware, showing the vulnerabilities of the phone. Credit: Columbia Engineering

(Phys.org)—Ang Cui a fifth year PhD student at Columbia University, has given a demonstration at this year's Amphion Forum in San Francisco, showing a security vulnerability he and colleagues have discovered in Cisco VoIP phones. The vulnerability, he said, allows an intruder to place an electronic device into an on-premise VoIP phone that can be controlled by a nearby smartphone – allowing the "Off Hook Switch" to be manipulated in such as way as to effectively turn the phone into a two-way walkie-talkie. He noted also that once a single phone had been breached all others on the same network could be breached as well though the single device.

Cui's demonstration was part of an overall theme – that embedded devices are vulnerable to attack by people bent on or who wish to cause harm. He noted that devices such as network printers are quite often installed without adequate protection, leaving them open to attack by those outside of the system who wish to get in. VoIP phones, he says, use roughly the same type of technology and thus are equally vulnerable.

VoIP phones are normal looking phones that make and receive telephone calls using the Internet instead of the traditional phone network. Many have installed them because of their increased utility. Governments use them as well, Cui demonstrated, by presenting pictures of them sitting in several different governmental offices, including that of the Director of the CIA. In his demonstration, he affixed a simple circuit board (he calls it the Thingp3wn3r) to a VoIP phone that he said could just as easily have been in someone's real office – in just minutes. Next, he demonstrated the effectiveness of the Thingp3wn3r by accessing it via a app. Words he spoke in the vicinity of the phone, despite the receiver being down – the traditional mode of putting a phone offline – were picked up by the circuit board and transmitted to the smarthone app and played for all to hear. The end result is an ability to place a bug in an office using a simple circuit board and available hardware.

Cui and his professor, Salvatore Stolfo notified Cisco of the vulnerability prior to the demonstration and Cisco has responded by creating a patch that prevents the vulnerability from occurring. Those who are concerned about the vulnerability of their own systems are urged to contact Cisco for support.

Explore further: Hand out money with my mobile? I think I'm ready

More information: ids.cs.columbia.edu/sites/default/files/paper-acsac.pdf

Press release

Related Stories

ZTE scrambles to get at root of phone flaw

May 18, 2012

(Phys.org) -- Rattling phone security news surfaced this week for those owning ZTE Score M phones after an anonymous post to Pastebin.com reported a backdoor hole where others can gain control over a user& ...

Recommended for you

Hand out money with my mobile? I think I'm ready

2 hours ago

A service is soon to launch in the UK that will enable us to transfer money to other people using just their name and mobile number. Paym is being hailed as a revolution in banking because you can pay peopl ...

Quantenna promises 10-gigabit Wi-Fi by next year

Apr 16, 2014

(Phys.org) —Quantenna Communications has announced that it has plans for releasing a chipset that will be capable of delivering 10Gbps WiFi to/from routers, bridges and computers by sometime next year. ...

Tech giants look to skies to spread Internet

Apr 16, 2014

The shortest path to the Internet for some remote corners of the world may be through the skies. That is the message from US tech giants seeking to spread the online gospel to hard-to-reach regions.

Wireless industry makes anti-theft commitment

Apr 16, 2014

A trade group for wireless providers said Tuesday that the biggest mobile device manufacturers and carriers will soon put anti-theft tools on the gadgets to try to deter rampant smartphone theft.

Dish Network denies wrongdoing in $2M settlement

Apr 15, 2014

The state attorney general's office says Dish Network Corp. will reimburse Washington state customers about $2 million for what it calls a deceptive surcharge, but the satellite TV provider denies any wrongdoing.

Netflix's Comcast deal improves quality of video

Apr 14, 2014

Netflix's videos are streaming through Comcast's Internet service at their highest speeds in the past 17 months now that Netflix is paying for a more direct connection to Comcast's network.

User comments : 0

More news stories

Tiny power plants hold promise for nuclear energy

Small underground nuclear power plants that could be cheaper to build than their behemoth counterparts may herald the future for an energy industry under intense scrutiny since the Fukushima disaster, the ...

Clean air: Fewer sources for self-cleaning

Up to now, HONO, also known as nitrous acid, was considered one of the most important sources of hydroxyl radicals (OH), which are regarded as the detergent of the atmosphere, allowing the air to clean itself. ...

Turning off depression in the brain

Scientists have traced vulnerability to depression-like behaviors in mice to out-of-balance electrical activity inside neurons of the brain's reward circuit and experimentally reversed it – but there's ...