Home page logo
/

isn logo Information Security News mailing list archives

Hack turns the Cisco phone on your desk into a remote bugging device
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 11 Jan 2013 04:32:21 -0600 (CST)

http://arstechnica.com/security/2013/01/hack-turns-the-cisco-phone-on-your-desk-into-a-remote-bugging-device/

By Dan Goodin
Ars Technica
Jan 10 2013

Internet phones sold by Cisco Systems are vulnerable to stealthy hacks that turn them into remote bugging devices that eavesdrop on private calls and nearby conversations.

The networking giant warned of the vulnerability on Wednesday, almost two weeks after a security expert demonstrated how people with physical access to the phones could cause them to execute malicious code. Cisco plans to release a stop-gap software patch later this month for the weakness, which affects several models in the CiscoUnified IP Phone 7900 series. The vulnerability can also be exploited remotely over corporate networks, although Cisco has issued workarounds to make those hacks more difficult.

"Cisco recognizes that while a number of network, device, and configuration based mitigations exist, there is no way to mitigate the physical attack vector on the affected devices," the company's advisory stated. "To this end, Cisco will conduct a phased remediation approach and will be releasing an intermediate Engineering Special software release for affected devices to mitigate known attack vectors for the vulnerability documented in this advisory."

The vulnerability is the latest reminder of privacy threat posed by today's phones, computers, smartphones, and other network-connected devices. Because the devices run on software that is susceptible to hacking, they can often surreptitiously be turned into listening—and sometimes spying—vehicles that capture our business secrets or most intimate moments.

[...]

______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org 

  By Date           By Thread  

Current thread:
  • Hack turns the Cisco phone on your desk into a remote bugging device InfoSec News (Jan 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]