<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body style="font-family: serif; font-size: 13px;" text="#000000"
bgcolor="#FFFFFF">
<div id="QCMcontainer" style="font-family:serif;font-size:13px;">PSIRT
will be including all updated information related to this on the
defect, CSCuc83860. <br>
<div class="moz-cite-prefix"><br>
<pre class="moz-signature" cols="72">Adam
</pre>
<hr tabindex="0"><font style="font-size:x-small" face="Tahoma"><!--@A@--><b>From:</b>
Ed Leatherman <a class="moz-txt-link-rfc2396E" href="mailto:ealeatherman@gmail.com"><ealeatherman@gmail.com></a><!--@A@--><br>
<!--@D@--><b>Sent:</b> Fri, Jan 04, 2013 2:11:24 PM<!--@D@--><br>
<!--@R@--><b>To:</b> Scott Voll <a class="moz-txt-link-rfc2396E" href="mailto:svoll.voip@gmail.com"><svoll.voip@gmail.com></a><!--@R@--><br>
<!--@C@--><b>CC:</b> Cisco VOIP
<a class="moz-txt-link-rfc2396E" href="mailto:cisco-voip@puck.nether.net"><cisco-voip@puck.nether.net></a><!--@C@--><br>
<!--@S@--><b>Subject:</b> Re: [cisco-voip] Cisco phones
vulnerable to hack / remote access?<!--@S@--><br>
</font><br>
</div>
<blockquote style="border: medium none ! important; padding-left:
0px ! important; padding-right: 0px ! important; margin-left:
0px ! important; margin-right: 0px ! important; font-size:
medium;"
cite="mid:CAFC4dsp8XVUYSmiTG5FQAv=DtR7p5YYuyhROhy2S41Or8F+7-Q@mail.gmail.com"
type="cite">
<div dir="ltr">I completely missed the video at the top of the
IEEE article the first time i read it.. i think my brain saw
it as an advertisement and just ignored it.
<div><br>
</div>
<div style="">The researchers full presentation is here also:</div>
<div style=""><a moz-do-not-send="true"
href="http://www.youtube.com/watch?v=f3zUOZcewtA&feature=youtu.be">http://www.youtube.com/watch?v=f3zUOZcewtA&feature=youtu.be</a><br>
</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">
On Fri, Jan 4, 2013 at 10:02 AM, Scott Voll <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:svoll.voip@gmail.com" target="_blank">svoll.voip@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Lelio sent this out a week or two ago. <a
moz-do-not-send="true"
href="http://m.spectrum.ieee.org/computing/embedded-systems/cisco-ip-phones-vulnerable"
target="_blank">http://m.spectrum.ieee.org/computing/embedded-systems/cisco-ip-phones-vulnerable</a>
Check out the video.
<div>
<br>
</div>
<div>We are a closed facility, so the attacker would
have to either be inside, or take a phone off the wall
in a reception area AND have SSH access.</div>
<div><br>
</div>
<div>I talked to my SE and he said: </div>
<div><span
style="font-size:10.5pt;font-family:Calibri,sans-serif">Workaround
= Restrict
SSH and CLI access to trusted users only.
Administrators may consider
leveraging 802.1x device authentication to prevent
unauthorized devices or
systems from accessing the voice network.</span><br>
</div>
<div><span
style="font-size:10.5pt;font-family:Calibri,sans-serif"><br>
</span></div>
<div>
<p><span
style="font-size:10.5pt;font-family:Calibri,sans-serif">Ang
accomplished this by first gaining access to the
device via
SSH and utilizing TFTP to pull down a malicious
binary that is designed to
exploit the insufficient validation issue of the
affected System Calls. He ran
this from the user context on the device which
performed the exploit. The
caveats of this particular issue are that an
attacker would need to have Authenticated
Access either via SSH (Which would need to be
enabled, it is not enabled by
default), or local access via the Serial port. The
attacker would also need to
be able to point the device at an
attacker-controlled TFTP server to retrieve
the payload.</span></p>
<p><span
style="font-size:10.5pt;font-family:Calibri,sans-serif">YMMV</span></p>
<span class="HOEnZb"><font color="#888888">
<p><span
style="font-size:10.5pt;font-family:Calibri,sans-serif">Scott</span></p>
<p><span
style="font-size:10.5pt;font-family:Calibri,sans-serif"> </span><span></span></p>
<span></span><span></span></font></span></div>
<div><span
style="font-size:10.5pt;font-family:Calibri,sans-serif"><br>
</span></div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">
<div class="im">
On Fri, Jan 4, 2013 at 6:35 AM, Robert Kulagowski <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:rkulagow@gmail.com" target="_blank">rkulagow@gmail.com</a>></span>
wrote:<br>
</div>
<div>
<div class="h5">
<blockquote class="gmail_quote" style="margin:0 0
0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
Since no one who knows anything for real is
probably going to say<br>
anything for now, are there any mitigating
factors that I can start<br>
thinking about once management sees the
following article?<br>
<br>
<a moz-do-not-send="true"
href="http://redtape.nbcnews.com/_news/2013/01/04/16328998-popular-office-phones-vulnerable-to-eavesdropping-hack-researchers-say?lite"
target="_blank">http://redtape.nbcnews.com/_news/2013/01/04/16328998-popular-office-phones-vulnerable-to-eavesdropping-hack-researchers-say?lite</a><br>
_______________________________________________<br>
cisco-voip mailing list<br>
<a moz-do-not-send="true"
href="mailto:cisco-voip@puck.nether.net"
target="_blank">cisco-voip@puck.nether.net</a><br>
<a moz-do-not-send="true"
href="https://puck.nether.net/mailman/listinfo/cisco-voip"
target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
</blockquote>
</div>
</div>
</div>
<br>
</div>
<br>
_______________________________________________<br>
cisco-voip mailing list<br>
<a moz-do-not-send="true"
href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
<a moz-do-not-send="true"
href="https://puck.nether.net/mailman/listinfo/cisco-voip"
target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
Ed Leatherman<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
cisco-voip mailing list
<a class="moz-txt-link-abbreviated" href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a>
<a class="moz-txt-link-freetext" href="https://puck.nether.net/mailman/listinfo/cisco-voip">https://puck.nether.net/mailman/listinfo/cisco-voip</a>
</pre>
</blockquote>
<br>
</div>
</body>
</html>