[cisco-voip] Cisco phones vulnerable to hack / remote access?

Scott Voll svoll.voip at gmail.com
Fri Jan 4 10:02:45 EST 2013


Lelio sent this out a week or two ago.
http://m.spectrum.ieee.org/computing/embedded-systems/cisco-ip-phones-vulnerable
Check out the video.

We are a closed facility, so the attacker would have to either be inside,
or take a phone off the wall in a reception area AND have SSH access.

I talked to my SE and he said:
Workaround = Restrict SSH and CLI access to trusted users only.
Administrators may consider leveraging 802.1x device authentication to
prevent unauthorized devices or systems from accessing the voice network.

Ang accomplished this by first gaining access to the device via SSH and
utilizing TFTP to pull down a malicious binary that is designed to exploit
the insufficient validation issue of the affected System Calls. He ran this
from the user context on the device which performed the exploit. The
caveats of this particular issue are that an attacker would need to have
Authenticated Access either via SSH (Which would need to be enabled, it is
not enabled by default), or local access via the Serial port. The attacker
would also need to be able to point the device at an attacker-controlled
TFTP server to retrieve the payload.

YMMV

Scott





On Fri, Jan 4, 2013 at 6:35 AM, Robert Kulagowski <rkulagow at gmail.com>wrote:

> Since no one who knows anything for real is probably going to say
> anything for now, are there any mitigating factors that I can start
> thinking about once management sees the following article?
>
>
> http://redtape.nbcnews.com/_news/2013/01/04/16328998-popular-office-phones-vulnerable-to-eavesdropping-hack-researchers-say?lite
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20130104/d21519a5/attachment.html>


More information about the cisco-voip mailing list