Columbia University Discovers Cisco Phone Hack

By Brittany Walters-Bearden January 07, 2013

There’s new cause for companies to be worried about their network safety, user privileges and laissez-faire BYOD policies. At the Chaos Communications conference December 29, it was revealed that Cisco phones are vulnerable to eavesdropping hacks. 

The vulnerability was discovered by doctoral candidate Ang Cui and Professor Sal Stolfo of Columbia University while they were working on a grant from the U.S. Defense Department.

Professor Stolfo warned, “On the dark side, these phones are sold worldwide. Any government that would like to peer into the private lives of citizens could use this.” 

He called it a “great opportunity to create a low-cost surveillance system that is already deployed.”

Cui demonstrated the hack for NBC News, revealing that in a matter of seconds, a small device pre-loaded with software could be plugged into a port on the phone and rewrite its IP software. This vulnerability exists because the phones make routine connections with a central server looking for updated instructions.

According to Bob Sullivan of NBC News, Cisco listed 15 phone models impacted by the threat in an announcement sent to their customers in December. Despite the implications of this announcement, Cisco maintains that, with only a few exceptions, hackers would need physical access to a telephone in order to execute the attack.

The team at Columbia says that these “rare” exceptions are not as innocuous as Cisco might have consumers believe; an e-mail attachment with a virus could easily execute the attack. 

Cui said, “You could attack the network, and then attack a single person’s phone – say, the CEO, at home.”

This potential threat is a great reminder for all companies, not just those using the popular phone system, to keep their employees apprised of online safety. Companies should evaluate their user privileges, host regular employee training on network safety, and consider revising their BYOD policies to ensure that they are safe from outside attacks.

Edited by Braden Becker

TechZone360 Contributor

Related Articles

Microsoft Out-Pencils Apple, Adds Laptop

By: Doug Mohney    10/7/2015

If the stylus is the standard by which business tablets are now to be judged, Microsoft's Surface Pro 4 clearly one-upped Apple's iPad Pro and pencil.…

Read More

Microsoft Introduces the Surface Book, Newest Surface Pro and Lumia Models

By: Joe Rizzo    10/6/2015

Microsoft revamped their lineup at this morning's NYC demonstration, with a clear challenge to Apple. Here are the most notable additions to the Micro…

Read More

Parks Associates Study Sheds Light on SMD Viewing Habits

By: Kyle Piscioniere    10/6/2015

Recent Parks Associates research has determined that U.S households with a streaming media device (Roku, Apple TV, Chromecast, etc.) consume four more…

Read More

Dorsey Named Twitter CEO a Second Time

By: Christopher Mohr    10/6/2015

Twitter announced recently that Jack Dorsey, who had been serving as the company's interim CEO the past three months, will continue in the same role o…

Read More

Who Will Save Sprint?

By: Doug Mohney    10/5/2015

Sprint has been on the skids for a while, a long slow decline due to a combination of bad decisions. Currently owned by SoftBank, it's an open questio…

Read More