VoIP Phones Now Targets of Hackers: Cisco Ranks First in the Crosshairs But is Far from Alone

By Peter Bernstein December 12, 2012

The hit Mel Brooks film of 1981, History of the World Part 1, contains the wonderful quote from Brooks playing King Louis XVI where he says, “ It's good to be the king!” In the movies, this is true most of the time.   However, being the top gun in anything has risks as well as rewards. It means everyone wants to figuratively and unfortunately literally, take a shot at you. Over the years, such has been the case with Cisco since it emerged as the leader in voice over IP (VoIP) enterprise IP telephony solutions.

In fact, go to Google and type in “hacking VoIP phone systems.” It is depressing on several fronts. The first is the number of entries. Second and third are how long this has been a problem, and the fact that no vendor seems immune. However, last but not least is that Cisco has a big target on it as can be seen from the number of items associated with its VoIP phones.

For instance, last year, the HackLabs cracking demonstration of a VoIP hacking workshop at the AusCERT security conference in Australia, featured a Cisco phone being compromised. The demo showed how virtually any VoIP phone remains vulnerable to popular hacking techniques which means that:

  • ·Call data can be downloaded
  • ·VoIP conversations can be redirected, illegally recorded or similarly manipulated

In fact, at the time Bjoern Rupp, GSMK CryptoPhone's CEO, noted that VoIP phone systems could become networked listening devices, wire tapped remotely or silenced. His point was that VoIP phones are purpose-built computers and therefore need to be protected, just like other computers and currently they come up lacking.

Just how much are they lacking, you ask? Very—something a recent demonstration at the Amphion Forum conference by fifth year grad student Ang Cui from the Columbia University Intrusion Detection Systems Lab showed . 

Without going into all the details, what Cui demonstrated using a Cisco phone, was that by removing a small external circuit board from the phone’s Ethernet port—something that could be done easily and quickly by a “visitor” to your office—by using a smartphone every word spoken over that VoIP phone could be captured even though the VoIP phone was “on-hook.” And, the story gets worse.

According to Cui, not only was the secret in being able to patch the phone’s software with arbitrary pieces of code enabling him to turn the Off-Hook Switch into what he called a “funtenna,” he also claimed he could also do this remotely and without the need to insert a circuit board at all. And, it probably does not need to be said, but once one phone is compromised the potential is there for the entire phone network to be so as well.

Cui’s research at Columbia was through the auspices of a DARPA CRASH and IARPA Stonesoup Program. His work caught the attention of several U.S. federal government agencies whom are big Cisco VoIP phone system users, whom he has briefed on the subject of the vulnerabilities he found. Needless to say, it should cause you to be asking your VoIP vendor, and as mentioned above this really is not about Cisco but is about VoIP systems vulnerabilities in general, about what if anything you need to do to protect your enterprise from those who wish to do your organization harm.

This is much more than being concerned about denial of service attacks and malware infecting your network or bringing down your phone system because it is a data device. As the two hacking demos have highlighted, this is about the ability compromise your voice communications in all sorts of nefarious ways. It is difficult to put a value on peace of mind, yet it is easy to see the havoc that can be wrought as witnessed in the ongoing British tabloid hacking scandal that has rocked the Murdoch media empire. 

Now would be a good time to make that call.

Edited by Jamie Epstein
Related Articles

The Cybersecurity Race to Secure the Internet of Things

By: Doug Mohney    10/25/2016

Last week's wave of worldwide DDoS (Distributed Denial of Service) attacks through the use of unsecured Internet of Things (IoT) devices is both distu…

Read More

AT&T Announces Plans to Buy Time Warner

By: Paula Bernier    10/24/2016

AT&T over the weekend revealed plans to purchase Time Warner Inc. in a deal valued at more than $85 billion, driving down both of their stocks and dra…

Read More

Google Adds CBS to its Unplugged Roster

By: Steve Anderson    10/21/2016

Over-the-top Web-based television seems to be the way of the future, as demonstrated by Netflix, Hulu, and a host of developments to follow, along wit…

Read More

A New Stock Price High for Microsoft?

By: Steve Anderson    10/21/2016

It would be easy to think that Microsoft's stock price glory days were behind it, lost with the dot-com bubble and a little song called "Mambo No. 5."…

Read More

T-Mobile, FCC Reach 10-Figure Settlement Agreement

By: Steve Anderson    10/21/2016

It's a shot in the chops for T-Mobile, as the company recently agreed to a settlement with the Federal Communications Commission (FCC) over the matter…

Read More