[cisco-voip] Cisco phones vulnerable to hack / remote access?

Ed Leatherman ealeatherman at gmail.com
Fri Jan 4 14:11:24 EST 2013


I completely missed the video at the top of the IEEE article the first time
i read it.. i think my brain saw it as an advertisement and just ignored it.

The researchers full presentation is here also:
http://www.youtube.com/watch?v=f3zUOZcewtA&feature=youtu.be


On Fri, Jan 4, 2013 at 10:02 AM, Scott Voll <svoll.voip at gmail.com> wrote:

> Lelio sent this out a week or two ago.
> http://m.spectrum.ieee.org/computing/embedded-systems/cisco-ip-phones-vulnerable Check out the video.
>
> We are a closed facility, so the attacker would have to either be inside,
> or take a phone off the wall in a reception area AND have SSH access.
>
> I talked to my SE and he said:
> Workaround = Restrict SSH and CLI access to trusted users only.
> Administrators may consider leveraging 802.1x device authentication to
> prevent unauthorized devices or systems from accessing the voice network.
>
> Ang accomplished this by first gaining access to the device via SSH and
> utilizing TFTP to pull down a malicious binary that is designed to exploit
> the insufficient validation issue of the affected System Calls. He ran this
> from the user context on the device which performed the exploit. The
> caveats of this particular issue are that an attacker would need to have
> Authenticated Access either via SSH (Which would need to be enabled, it is
> not enabled by default), or local access via the Serial port. The attacker
> would also need to be able to point the device at an attacker-controlled
> TFTP server to retrieve the payload.
>
> YMMV
>
> Scott
>
>
>
>
>
> On Fri, Jan 4, 2013 at 6:35 AM, Robert Kulagowski <rkulagow at gmail.com>wrote:
>
>> Since no one who knows anything for real is probably going to say
>> anything for now, are there any mitigating factors that I can start
>> thinking about once management sees the following article?
>>
>>
>> http://redtape.nbcnews.com/_news/2013/01/04/16328998-popular-office-phones-vulnerable-to-eavesdropping-hack-researchers-say?lite
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>
>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>


-- 
Ed Leatherman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20130104/125d7df9/attachment.html>


More information about the cisco-voip mailing list