Why are Cisco VoIP phones so hackable?

Here'sBjoern Rupp, the CEO of GSMK Cryptophone, explaining why Cisco VoIP phones are such a profitable target for the law breaking community. Modern VoIP phones are specialised computers that just happen to look like phones. So they can be attacked at many different points, ranging from the comm

GSMK CryptoPhone_Bjoern Rupp low res.jpgHere's  Bjoern Rupp, the CEO of GSMK  Cryptophone, explaining why Cisco VoIP phones are such a profitable target for the law breaking community. 

Modern VoIP phones are specialised computers that just happen to look like phones. So they can be attacked at many different points, ranging from the communication protocols to planting trojan horses in the devices' operating software. It's laptops and desktop PCs all over again. 

In their AusCERT lecture, Chris Gatford and Peter Wesley focus a lot on problems specifically associated with Cisco phones and the Cisco Call Manager software. But the underlying problems affect most other VoIP phones, too.

Take protocols. The SIP protocol used by most current VoIP systems is very complex with a huge software footprint and a multitude of extensions and add-ons that pose exploitable security risks. In addition, many corporate VoIP systems conduct few authentication checks. So it's possible for an attacker to re-route traffic by means of, for example, ARP flood attacks on IP switches or by assigning false subnet masks and router addresses. 

On the device side, most modern VoIP phones can be maliciously re-programmed and exploited. Programme code in the phones can be remotely updated and modified, enabling an attacker to remotely control a phone, e.g. by using it as a tool to bug a conference room.

Can I do it? Or do you need specialist knowledge and equipment?

You can certainly do it, especially if your local IT system administrator did not pay much attention to VoIP-related security issues. Apart from a regular desktop computer, no special equipment is required. A certain extent of specialist knowledge is however very helpful if you were to exploit the full spectrum of VoIP phone vulnerabilities.

What damage can be done?

Just imagine the damage if you could control all phones in a given organisation - almost everything is possible, from disclosing confidential phone calls, turning phones in conference rooms in fully-equipped bugging equipment, telephone fraud, to crashing the local switch and removing all traces of the intrusion.
This was last published in May 2011

MicroScope+

Content

Find more MicroScope+ content and other member only offers, here.

Read more on Threat Management Solutions and Services

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

ComputerWeekly

SearchITChannel

Close