Cisco tackles security threat to IP phones


Cisco tackles security threat to IP phones

Antony Savvas

Cisco is trying to tackle a security threat in its voice over IP phones that allows hackers to eavesdrop on conversations.

The threat was discovered by a researcher working for Telindus, and allows hackers to remotely eavesdrop on Cisco Unified IP Phones.

Cisco has confirmed that an attacker, with valid Extension Mobility authentication credentials, could cause a Cisco Unified IP Phone configured to use the Extension Mobility feature to transmit or receive a Real-Time Transport Protocol (RTP) audio stream.

This ability can be exploited to perform a remote eavesdropping attack. All Cisco IP Phones that support the Extension Mobility feature are vulnerable, said Cisco.

To obtain Extension Mobility authentication credentials, an attacker needs physical access to the network to sniff credentials. This can be accomplished by inserting a sniffing device between an IP phone and switch port, said Cisco.

In a throwback to old-fashioned wire-tapping, Cisco said that such attacks would produce static noise on the IP phone while it was under attack.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy