Cisco IP phones vulnerable to eavesdropping

Cisco’s 7900 Series of IP phones has been shown to have a vulnerability in the Extension Mobility feature, which a hacker could exploit to eavesdrop on calls.

Extension Mobility allows users to configure a Cisco IP phone as their own. When the feature is enabled it fails to encrypt signalling communications between a device and an internal web server.

This could allow a hacker to access authentication credentials which could then be used to cut off users or eavesdrop on streaming media connections associated with calls.

However, although such an attack is theoretically possible, it would only succeed if the hacker already had valid Extension Mobility authentication credentials, together with access to a targeted network.

A greater danger could come from internal attacks. A successful attack on the vulnerability would leave a noise on the wire, and would also produce static noise on the phone while the attack was in progress.

The flaw was discovered by researcher Joffrey Czarney of Telindus, who presented a paper on his research at the Hack.Lu 2007 security conference, which was held in Luxemboug last month.

Story link: Cisco IP phones vulnerable to eavesdropping