Breaking News | Forum | UK News | USA News | World News | Political News | Sci-Tech News | War & Terrorism News | Sports News | Multimedia | Set Homepage

Translate:

Monday, December 3rd, 2007

In October, two security experts at hacker conference ToorCon9 in San Diego hacked into their hotel’s corporate network using a Cisco VoIP phone

By Linda Leung Framingham

Cisco confirmed it is possible to eavesdrop on remote conversations using Cisco VoIP phones. In its security response, Cisco says: “an attacker with valid Extension Mobility authentication credentials could cause a Cisco Unified IP Phone configured to use the Extension Mobility feature to transmit or receive a Real-Time Transport Protocol (RTP) audio stream.”

Cisco adds that Extension Mobility authentication credentials are not tied to individual IP phones and that “any Extension Mobility account configured on an IP phone’s Cisco Unified Communications Manager/CallManager (CUCM) server can be used to perform an eavesdropping attack.”

The technique was described by Telindus researcher Joffrey Czarny at HACK.LU 2007 in Luxembourg in October.

Cisco has published some workarounds to this problem in its security response.

Also in October, two security experts at hacker conference ToorCon9 in San Diego hacked into their hotel’s corporate network using a Cisco VoIP phone.

The hackers, John Kindervag and Jason Ostrom said they were able to access the hotel’s financial and corporate network and recorded other phone calls, according to a blog on Wired.com.

The hackers used penetration tests propounded by a tool called VoIP Hopper, which mimics the Cisco data packets sent at three minute intervals and then trades a new Ethernet interface, getting the PC — which the hackers switched in place of the hotel phone — into the network running the VoIP, according to the blog post.

The Avaya configuration is superior to Cisco, according to the hackers, because you have to send requests beyond a sniffer. Although it can be breached the same way, by replacing the phone with a PC.

Related News

• Mobile Phone Number Moving Caused Feds to Wiretap Wrong American
• Internet Calls Subject To Phone Tapping
• NSA to spy on 38% of world telecom traffic
• Earth Day: Is the impact worth the build-up?
• VIDEO: Globalisation and the Media

This entry was posted on Monday, December 3rd, 2007 at 11:10 am and is filed under Science & Technology News, Surveillance, Civil Liberties & Human Rights News . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Loading ...

ADVERTISEMENTS

SITE MAPS

7/7 Afghanistan Alternative-Energy Art BBC Big-Brother Bilderberg Biometrics Bush Censorship CIA Climate-Change Cover-Up Cults Culture Database-State David-Hicks David-Ray-Griffin Debt Democrats Demos Drugs Education Entertainment Environmental News EU False-Flag FBI Fraud Free-Speech Freemasons G8 Globalization Guantanamo Health-News History ID-Cards Internet Iran Iraq Israel John McCain Law Marches Media News MI5 MI6 Microsoft Military MoD Money Music NASA Neocons New World Order NSA Oil Pakistan Podcast Police-State Propaganda RFID RINF Rumsfeld Science Science & Technology News Secrecy Security Slavery Space Sports Spy Spying Stephen-Lendman Technology Terrorism Tony-Blair Torture TV UK-News UN USA- USA-News Video Voting war War & Terrorism News Warfare White-House Wolfowitz World-News Yahoo
2003 - 2005 Archives | 2005 - 2007 Archives | 2007 - 2008 Archives | Current Archives | Past Version