Cisco tackles security threat to IP phones


Cisco tackles security threat to IP phones

Antony Savvas

Cisco is trying to tackle a security threat in its voice over IP phones that allows hackers to eavesdrop on conversations.

The threat was discovered by a researcher working for Telindus, and allows hackers to remotely eavesdrop on Cisco Unified IP Phones.

Cisco has confirmed that an attacker, with valid Extension Mobility authentication credentials, could cause a Cisco Unified IP Phone configured to use the Extension Mobility feature to transmit or receive a Real-Time Transport Protocol (RTP) audio stream.

This ability can be exploited to perform a remote eavesdropping attack. All Cisco IP Phones that support the Extension Mobility feature are vulnerable, said Cisco.

To obtain Extension Mobility authentication credentials, an attacker needs physical access to the network to sniff credentials. This can be accomplished by inserting a sniffing device between an IP phone and switch port, said Cisco.

In a throwback to old-fashioned wire-tapping, Cisco said that such attacks would produce static noise on the IP phone while it was under attack.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

COMMENTS powered by Disqus  //  Commenting policy