Cisco IP phones buggy

Columbia researchers discover vulnerabilities that could allow hackers to listen in on calls, call data

All of Cisco's IP phones are vulnerable to complete control by hackers, including the ability to access audio data at any time even if a phone call is not in progress. This is the finding of computer scientists at Columbia University, according to this report in IEEE Spectrum.

And once a Cisco IP phone is hacked, it can infect other phones on the same network and attack computers and other attached devices, the scientists found. They reported their findings to Cisco in October and the company is developing a patch. But it's unclear how many phones are still vulnerable, IEEE Spectrum reported.

According to one of the scientists:

"We could turn a phone into a walkie-talkie that was always on by rewriting its software with 900 bytes of code. Within 10 minutes, it could then go on to compromise every other phone on its network so that you could hear everything."

Cisco's IP phones are prevalent. Cisco was a close second to Avaya in enterprise telephony revenue share in the $12.4 billion 2011 market, but overtook Avaya in Q2 and Q3 of this year, according to Dell'Oro Group. IEEE Spectrum uses Cisco IP phones. Scientists even scanned Google to find photos of Cisco phones in the White House, Air Force One and in former CIA director David Petraeus' office.

E-mail did Petraeus in but maybe he was only a phone call away as well...

The vulnerabilities were found in the phones' Unix-based operating system kernel, according to IEEE Spectrum. The Columbia researchers developed a Bluetooth-enabled device to attack the phone via a physical connection, but they also say the phones could be remotely compromised. They plan to demonstrate this vulnerability at a conference in Germany two days after Christmas.

The vulnerabilities cropped up as the researchers were studying embedded devices.

The Cisco patch is not yet available for download on its website, according to the report. Cisco is working with its own engineers and Columbia to validate it.

Once the patch is finalized, Cisco will incorporate it into its next major IP phone software release early next year, IEEE Spectrum states.




Copyright © 2012 IDG Communications, Inc.
