[cisco-voip] Cisco phones vulnerable to hack / remote access?
Adam Frankel
afrankel at cisco.com
Fri Jan 4 14:24:57 EST 2013
PSIRT will be including all updated information related to this on the
defect, CSCuc83860.
Adam
------------------------------------------------------------------------
*From:* Ed Leatherman <ealeatherman at gmail.com>
*Sent:* Fri, Jan 04, 2013 2:11:24 PM
*To:* Scott Voll <svoll.voip at gmail.com>
*CC:* Cisco VOIP <cisco-voip at puck.nether.net>
*Subject:* Re: [cisco-voip] Cisco phones vulnerable to hack / remote access?
> I completely missed the video at the top of the IEEE article the first
> time i read it.. i think my brain saw it as an advertisement and just
> ignored it.
>
> The researchers full presentation is here also:
> http://www.youtube.com/watch?v=f3zUOZcewtA&feature=youtu.be
>
>
> On Fri, Jan 4, 2013 at 10:02 AM, Scott Voll <svoll.voip at gmail.com
> <mailto:svoll.voip at gmail.com>> wrote:
>
> Lelio sent this out a week or two ago.
> http://m.spectrum.ieee.org/computing/embedded-systems/cisco-ip-phones-vulnerable
> Check out the video.
>
> We are a closed facility, so the attacker would have to either be
> inside, or take a phone off the wall in a reception area AND have
> SSH access.
>
> I talked to my SE and he said:
> Workaround = Restrict SSH and CLI access to trusted users only.
> Administrators may consider leveraging 802.1x device
> authentication to prevent unauthorized devices or systems from
> accessing the voice network.
>
> Ang accomplished this by first gaining access to the device via
> SSH and utilizing TFTP to pull down a malicious binary that is
> designed to exploit the insufficient validation issue of the
> affected System Calls. He ran this from the user context on the
> device which performed the exploit. The caveats of this particular
> issue are that an attacker would need to have Authenticated Access
> either via SSH (Which would need to be enabled, it is not enabled
> by default), or local access via the Serial port. The attacker
> would also need to be able to point the device at an
> attacker-controlled TFTP server to retrieve the payload.
>
> YMMV
>
> Scott
>
>
>
>
> On Fri, Jan 4, 2013 at 6:35 AM, Robert Kulagowski
> <rkulagow at gmail.com <mailto:rkulagow at gmail.com>> wrote:
>
> Since no one who knows anything for real is probably going to say
> anything for now, are there any mitigating factors that I can
> start
> thinking about once management sees the following article?
>
> http://redtape.nbcnews.com/_news/2013/01/04/16328998-popular-office-phones-vulnerable-to-eavesdropping-hack-researchers-say?lite
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net <mailto:cisco-voip at puck.nether.net>
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net <mailto:cisco-voip at puck.nether.net>
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
>
>
> --
> Ed Leatherman
>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20130104/5cf02fba/attachment.html>
More information about the cisco-voip
mailing list