Saturday, January 12, 2013

Serious vulnerability found in Cisco IP phones


Two researchers from Columbia University (USA), PhD student Ang Cui and Professor of Applied Mathematics Salvatore Stolfo, have found a very serious vulnerability in the Cisco Unified IP Phone 7900 series of office IP phones that allows attackers to eavesdrop.

As it turned out, with physical access to the device's serial port it is possible to reprogram the phone so that it covertly listens to all the sounds around it. Notably, no quick way to deal with this problem has been found so far (other than a complete change of firmware), and Cisco will release new firmware for the devices in about six months. In the meantime, the company has already released a hotfix for devices of this series, which solves the problem only partially by making reprogramming more difficult.


Software vulnerabilities are a real scourge of modern electronics - computers, phones and other devices connected to the network. The new problem with IP phones was demonstrated at the 29th Chaos Communication Congress (CCC) hacker conference. The researchers' talk was titled "Just because you are paranoid doesn't mean your phone isn't listening to everything you say." At the conference, the authors showed how to inject special code into an IP phone via the serial port. Once the code is injected, the phone executes any command the attacker issues. These Cisco VoIP phones are used at up to 50 million workplaces in the U.S. and around the world. In particular, such phones are installed in the offices of the U.S. presidential administration and even on the president's plane.

Among the capabilities opened up by the compromise, it is possible to monitor and record all telephone calls, and also to switch on the device's microphone to eavesdrop on conversations within earshot. All conversations and recorded sounds can be streamed over the network to the attacker's computer. When eavesdropping is enabled (even if the handset is on the cradle), the microphone indicator does not light up, so the user cannot tell that the phone is listening.

The vulnerability was first demonstrated in December 2012. Almost immediately, Cisco released a first patch, but the authors showed that it does not solve the problem. In response, the company issued a formal recommendation in which it promises to rewrite the firmware. The exact timing of its release is not specified.

The attack shown by the Columbia University researchers works by replacing some parts of the user address space or the kernel in the phone. This substitution gives the attacker superuser (root) access to the phone's firmware, which is built on a Unix-like operating system. With that privileged access, an attacker can take complete control of the digital signal processor and other key functions.

Although the attack requires physical access to the phone, it can easily be carried out by cleaners, colleagues and other regular office staff. A hacked phone is almost impossible to recognize. Many security-conscious people already stick opaque tape over their webcams to avoid unauthorized surveillance. An attack that turns the phone into an eavesdropping "bug" will be much harder to guard against. At the moment, the vulnerability is known only in one series of Cisco devices, but it is not known what other undocumented capabilities are hidden in other network devices.

Link: http://webspace.webring.com/people/wv/vipresecurity/
