The Cisco Phone in the Boardroom Eavesdrops on Private Talks

Just because you are paranoid doesn`t mean your phone isn`t listening to everything you say

At the 29^th Chaos Communication Congress, researchers Ang Cui and Michael Catello made public a proof of concept on how critical kernel vulnerabilities in Cisco Native Unix can be exploited to transform all Cisco Unified IP Phones 7900 Series in a network into remote bugging devices.

This basically allows attackers to compromise the firmware of the Cisco IP Phone in boardrooms or on employees` office desks to eavesdrop on private conversations. The researchers at Columbia University managed to activate the IP Phone microphone without lifting the handset, and to remotely listen to conversations.

“We demonstrate practical covert surveillance using constant, stealthy exfiltration of microphone data via a number of covert channels.” explain the researchers behind the Hacking Cisco Phones project. “We discuss the feasibility of our attacks given physical access, internal network access and remote access across the internet.” they add.

Cisco was immediately informed of the vulnerability and issued an advisory on Wednesday detailing the bug. Their advisory reads “An attacker could exploit this issue by gaining local access to the device using physical access or authenticated access using SSH and executing an attacker-controlled binary that is designed to exploit the issue. Such an attack would originate from an unprivileged context.”

Cisco used the security advisory to offer a temporary solution to customers handling vulnerable IP phones until the permanent patch scheduled for January 21^st.