Columbia researcher hacks into, eavesdrops on Cisco VoIP phone

Cisco says software patch is available to fix vulnerability

Researchers from Columbia University have uncovered a security vulnerability in Cisco (Nasdaq: CSCO) VoIP phones that could enable a hacker to eavesdrop on private conversations, according to a story in Forbes magazine.

Ang Cui, a fifth year graduate student at Columbia University Intrusion Detection Systems Lab and co-founder of Red Balloon Security, demonstrated an attack on the Cisco Unified IP Phone 7900 series at the Amphion Forum in San Francisco held last week.

Cui used a technique he and fellow Columbia researcher Salvatore Stolfo developed to compromise office printers. He inserted an external circuit board on the Cisco phone that he said could be easily placed onto any telephone inside a target organization, such as a lobby phone, according to the report.

The researcher then used a mobile phone app he developed to connect to the circuit board and obtain microphone data from the compromised phone located on the speaker's dais where the Off Hook Switch microphone captured Cui's words. He sent the voice data over the Internet to Google's Speech-to-Text service and then put his spoken words on a screen behind him so the audience could see them, Forbes related.

Once the phone was compromised, the entire network of phones could be vulnerable to eavesdropping, Cui said. He also explained that he could compromise the phone remotely without inserting a circuit board.

Cui said the research was funded as part of programs by the Defense Advanced Research Projects Agency and the Intelligence Advanced Research Projects Activity and that he had briefed Cisco and U.S. government officials about the vulnerability prior to presenting the research publicly.

In response to the demonstration, Cisco said in a statement: "workarounds and a software patch are available to address this vulnerability...[and] successful exploitation requires physical access to the device serial port, or the combination of remote authentication privileges and non-default device settings."

For more:
- read the Forbes article

Related articles:
Cisco, Microsoft and Avaya named as top UC providers by IT managers
Cisco's acquisition of Cariden latest effort to expand outside shrinking core business