Cisco VoIP phones part of security weakness demo

Cisco reaching out to AusCERT 2011 conference and speakers, Microsoft included in VoIP security weakness demo

At an upcoming conference in Australia, security firm HackLabs is expected to demonstrate how hackers perform VoIP attacks and identify weaknesses in Cisco and other manufacturers VoIP phones.

Top 5 things to do before buying more security technology

HackLabs director Chris Gatford has not responded to questions about exactly what type of Cisco VoIP phones and systems will be subject to close examination for security weaknesses. The AusCERT 2011 presentation that HackLabs will do next week is described as "a one-day tutorial" of intensive, hands-on training in which "participants will learn how hackers perform VoIP Attacks and how to remediate common vulnerabilities. Attendees will learn how hackers can methodically gain entry access to an organization's telephony systems to steal information and abuse services."

The conference session description says the HackLabs attacks will focus on Cisco phones, Cisco Call Manager and Microsoft Office Communicator.

A spokesman for Cisco says the company has "reached out to the conference organizers and speakers for more details. At this point we have no information to suggest any undisclosed product vulnerabilities, but we will assess any new information and respond in line with our well-established process for the public reporting of security vulnerabilities," which are identified here.

The Cisco spokesman adds, "It's important to note that the presenters' public comments reference the importance of securing IP phones in line with the manufacturer's installation and configuration recommendations, and we support this message and recommend it as best practice for our customers."

Demonstrations by security firms on how to attack VoIP phones in order to gain unauthorized use or attack the VoIP network and endpoints is nothing new. Many Black Hat Conference demonstrations in the past have focused on this as a topic.

At AusCERT 2011 next week, HackLabs, which specializes in penetration testing, could stick to discussing "implementation mistakes" or might disclose new information about vulnerabilities that would require remediation of VoIP equipment in some way.

Learn more about this topic

AusCERT 2011 Conference Schedule

Researchers flag VoIP exploits at Black Hat

First look at Cisco's Call Manager 8.5

Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies