Why Are Cisco VoIP Phones So Hackable?

Modern VoIP phones are specialised computers that just happen to look like phones. So they can be attacked at many different points, ranging from the communication protocols to planting trojan horses in the devices’ operating software. It’s laptops and desktop PCs all over again.

In their AusCERT lecture, Chris Gatford and Peter Wesley focus a lot on problems specifically associated with Cisco phones and the Cisco Call Manager software. But the underlying problems affect most other VoIP phones, too.

Take protocols. The SIP protocol used by most current VoIP systems is very complex with a huge software footprint and a multitude of extensions and add-ons that pose exploitable security risks. In addition, many corporate VoIP systems conduct few authentication checks. So it’s possible for an attacker to re-route traffic by means of, for example, ARP flood attacks on IP switches or by assigning false subnet masks and router addresses.

On the device side, most modern VoIP phones can be maliciously re-programmed and exploited. Programme code in the phones can be remotely updated and modified, enabling an attacker to remotely control a phone, e.g. by using it as a tool to bug a conference room.

Can I do it? Or do you need specialist knowledge and equipment?

You can certainly do it, especially if your local IT system administrator did not pay much attention to VoIP-related security issues. Apart from a regular desktop computer, no special equipment is required. A certain extent of specialist knowledge is however very helpful if you were to exploit the full spectrum of VoIP phone vulnerabilities.

What damage can be done?

Just imagine the damage if you could control all phones in a given organisation – almost everything is possible, from disclosing confidential phone calls, turning phones in conference rooms in fully-equipped bugging equipment, telephone fraud, to crashing the local switch and removing all traces of the intrusion.

Source

Author
Recent Posts

Brian

Managing Partner at meshIP, LLC

Brian Byrne is the founder and Managing Partner of Dallas based meshIP, a technology services firm offering cloud computing strategies and services. He is an accomplished executive with senior management experience in all facets of the technology, telecom, cloud computing, and SaaS industries. He has proven success in developing, financing and executing strategic plans as well as launching new ventures. His background includes a record of significant achievement in international business development and his credentials include a MBA in Marketing and Management Strategy from the J.L. Kellogg Graduate School of Management at Northwestern University, a MS from the School of Computer Science at DePaul University, and a BBA in Finance from the University of Notre Dame.

He is also the inventor of the patented meshDETECT, Secure Prison Cell Phone Solutions.

LinkedIn Profile