Cisco confirmed it is possible to eavesdrop on remote conversations using Cisco voIP phones. In its security response, Cisco says: "an attacker with valid Extension Mobility authentication credentials could cause a Cisco Unified IP Phone configured to use the Extension Mobility feature to transmit or receive a Real-Time Transport Protocol (RTP) audio stream."
Cisco adds that Extension Mobility authentication credentials are not tied to individual IP phones and that "any Extension Mobility account configured on an IP phone's Cisco Unified Communications Manager/CallManager (CUCM) server can be used to perform an eavesdropping attack."
Cisco has published some workarounds to this problem in its security response.
The technique was described by Telindus researcher Joffrey Czarny at HACK.LU 2007 in Luxembourg in October.
Also in October, two security experts at hacker conference ToorCon9 in San Diego hacked into their hotel's corporate network using a Cisco VoIP phone.
The hackers, John Kindervag and Jason Ostrom said they were able to access the hotel's financial and corporate network and recorded other phone calls, according to a blog on Wired.com.
The hackers used penetration tests propounded by a tool called VoIP Hopper, which mimics the Cisco data packets sent at three minute intervals and then trades a new Ethernet interface, getting the PC - which the hackers switched in place of the hotel phone - into the network running the VoIP, according to the blog post.
The Avaya configuration is superior to Cisco, according to the hackers, because you have to send requests beyond a sniffer. Although it can be breached the same way, by replacing the phone with a PC.
Further reading:
Hackers gain access to private hotel network using Cisco VoIP
Network World's IT Buyer's Guide: Cisco products
Subscribe to Network World's Cisco Alert, which includes a weekly digest of all Cisco Subnet items
The Cisco Subnet blog is the official blog of the Network World Cisco Subnet community, managed by Editor Linda Leung. Cisco Subnet is the independent voice of Cisco customers and is your gateway to daily Cisco news, blogs, opinion, books, prize giveaways and more. Visit the Cisco Subnet home page daily and while you are there, subscribe to the Cisco Alert e-mail newsletter, which includes news and views generated by the Cisco Subnet community as well as Cisco-related stories on Network World and elsewhere on the Web.
(WAN community)The opinions expressed in this Weblog are those of the writer and may not represent the opinions of Network World.
|
|
Duh! didn't see that one
Duh! didn't see that one coming..! People in certain arenas have been exploiting that one for months now. How nice of Cisco to finally make the general public (low-tech!) aware that their phone calls are being tapped.
Anyone with half a brain wouldn't go anywhere near IP telephony if they want even a modest amount of security.
Cue CCIE's and so called security experts to spout on at me about the fantastic encrypted SIP and VPN's etc etc.
LOL!
"Cue CCIE's and so called security experts to spout on at me about the fantastic encrypted SIP and VPN's etc etc."
Good luck with your TDM PBX. This is an example of a design flaw, VoIP can be secured just as good as anything else out there. BTW all of those PBXs with modems attached for remote access are very secure. Oh didn't some European country have it's TDM infrastructure hacked?
(Must be a Nortel employee.........)