All of Cisco's IP phones are vulnerable to complete control by hackers, including the ability to access audio data at any time even if a phone call is not in progress. This is the finding of computer scientists at Columbia University, according to this report in IEEE Spectrum.
And once a Cisco IP phone is hacked, it can infect other phones on the same network and attack computers and other attached devices, the scientists found. They reported their findings to Cisco in October and the company is developing a patch. But it's still unclear how many phones are still vulnerable, IEEE Spectrum reported.
According to one of the scientists:
"We could turn a phone into a walkie-talkie that was always on by rewriting its software with 900 bytes of code. Within 10 minutes, it could then go on to compromise every other phone on its network so that you could hear everything."
Cisco's IP phones are prevalent. Cisco was close second to Avaya in enterprise telephony revenue share in the $12.4 billion 2011 market, but overtook Avaya in Q2 and Q3 of this year, according to Dell'Oro Group. IEEE Spectrum uses Cisco IP phones. Scientists even scanned Google to find photos of Cisco phones in the White House, Air Force One and in former CIA director David Petraeus' office.
E-mail did Petraeus in but maybe he was only a phone call away as well...
The vulnerabilities were found in the phones' Unix-based operating system kernel, according to IEEE Spectrum. The Columbia researchers developed a Bluetooth-enable device to attack the phone via physical connection but they also say the phones could be remotely compromised as well. They plan to demonstrate this vulnerability at a conference in Germany two days after Christmas.
The vulnerabilities cropped up as the researchers were studying embedded devices.
The Cisco patch is not yet available for download on its website, according to the report. Cisco is working with its own engineers and Columbia to validate it.
Once the patch is finalized, Cisco will incorporate it into its next major IP phone software release early next year, IEEE Spectrum states.
More from Cisco Subnet:
The Cisco Subnet blog is written by Network World managing editor Jim Duffy Visit the Cisco Subnet home page daily and while you are there, subscribe to the Cisco Alert e-mail newsletter, which includes news and views generated by the Cisco Subnet community as well as Cisco-related stories on Network World and elsewhere on the Web.
Follow Jim Duffy on Twitter