[cisco-voip] Cisco phones vulnerable to hack / remote access?
Justin Steinberg
jsteinberg at gmail.com
Fri Jan 4 14:21:39 EST 2013
Nick's link seems like an internal site. I don't see anything on the
public psirt page.
http://tools.cisco.com/security/center/publicationListing.x#~CiscoSecurityAdvisory
On Fri, Jan 4, 2013 at 2:11 PM, Ed Leatherman <ealeatherman at gmail.com>wrote:
> I completely missed the video at the top of the IEEE article the first
> time i read it.. i think my brain saw it as an advertisement and just
> ignored it.
>
> The researchers full presentation is here also:
> http://www.youtube.com/watch?v=f3zUOZcewtA&feature=youtu.be
>
>
> On Fri, Jan 4, 2013 at 10:02 AM, Scott Voll <svoll.voip at gmail.com> wrote:
>
>> Lelio sent this out a week or two ago.
>> http://m.spectrum.ieee.org/computing/embedded-systems/cisco-ip-phones-vulnerable Check out the video.
>>
>> We are a closed facility, so the attacker would have to either be inside,
>> or take a phone off the wall in a reception area AND have SSH access.
>>
>> I talked to my SE and he said:
>> Workaround = Restrict SSH and CLI access to trusted users only.
>> Administrators may consider leveraging 802.1x device authentication to
>> prevent unauthorized devices or systems from accessing the voice network.
>>
>> Ang accomplished this by first gaining access to the device via SSH and
>> utilizing TFTP to pull down a malicious binary that is designed to exploit
>> the insufficient validation issue of the affected System Calls. He ran this
>> from the user context on the device which performed the exploit. The
>> caveats of this particular issue are that an attacker would need to have
>> Authenticated Access either via SSH (Which would need to be enabled, it is
>> not enabled by default), or local access via the Serial port. The attacker
>> would also need to be able to point the device at an attacker-controlled
>> TFTP server to retrieve the payload.
>>
>> YMMV
>>
>> Scott
>>
>>
>>
>>
>>
>> On Fri, Jan 4, 2013 at 6:35 AM, Robert Kulagowski <rkulagow at gmail.com>wrote:
>>
>>> Since no one who knows anything for real is probably going to say
>>> anything for now, are there any mitigating factors that I can start
>>> thinking about once management sees the following article?
>>>
>>>
>>> http://redtape.nbcnews.com/_news/2013/01/04/16328998-popular-office-phones-vulnerable-to-eavesdropping-hack-researchers-say?lite
>>> _______________________________________________
>>> cisco-voip mailing list
>>> cisco-voip at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>
>>
>>
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>
>>
>
>
> --
> Ed Leatherman
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20130104/ae7108be/attachment.html>
More information about the cisco-voip
mailing list