|  Home   |  Forums   |  News   |  Blog   |  Reviews   |
 Satellite   Digital TV   IPTV   Cable   HDTV   Computers   Apple   Games   Mobile Phones   Broadband   Internet   Security   Telecoms   USB   VoIP   Wireless   Science 

November 29, 2007

Cisco IP phones vulnerable to eavesdropping

by Jan Harris

Cisco’s 7900 Series of IP phones has been shown to have a vulnerability in the Extension Mobility feature, which a hacker could exploit to eavesdrop on calls.

Extension Mobility allows users to configure a Cisco IP phone as their own. When the feature is enabled it fails to encrypt signalling communications between a device and an internal web server.

This could allow a hacker to access authentication credentials which could then be used to cut off users or eavesdrop on streaming media connections associated with calls.

However, although such an attack is theoretically possible, it would only succeed if the hacker already had valid Extension Mobility authentication credentials, together with access to a targeted network.

A greater danger could come from internal attacks. A successful attack on the vulnerability would leave a noise on the wire, and would also produce static noise on the phone while the attack was in progress.

The flaw was discovered by researcher Joffrey Czarney of Telindus, who presented a paper on his research at the Hack.Lu 2007 security conference, which was held in Luxemboug last month.

Bookmark and Share

Story link: Cisco IP phones vulnerable to eavesdropping

Discuss this in the Techwatch Forums

Related news to "Cisco IP phones vulnerable to eavesdropping"

No Comments »

No comments yet.

Leave a comment

Connect with Facebook

Previous: «
Next: »

Visited 294 times, 1 so far today