Malware leaves Cisco VoIP phones "open to call tapping"
By Stewart Mitchell
Posted on 8 Jan 2013 at 11:06
US security researchers have warned that Voice over IP (VoIP) services from Cisco and other manufacturers could be tapped.
The research at Columbia Engineering, funded by US military research arm Darpa, found the flaw affected all 14 of Cisco's Unified IP Phone models that are used in government departments and corporations around the world. Equipment from other manufacturers could also be vulnerable.
By inserting malware into handsets the researchers said they could start eavesdropping on private conversations, "not just on the phone but also in the phone's surroundings".
"It's not just Cisco phones that are at risk. All VoIP phones are particularly problematic since they are everywhere and reveal our private communications," said professor Salvatore Stolfo, project leader.
"It's relatively easy to penetrate any corporate phone system, any government phone system, any home with Cisco VoIP phones — they are not secure."
The researchers said they found multiple vulnerabilities in the firmware on the phones and in embedded systems distributed throughout VoIP networks. Although Cisco has moved to block the vulnerability, the researchers say the fix is insufficient.
"It doesn't solve the fundamental problems we've pointed out to Cisco," the researchers said. "We don't know of any solution to solve the systemic problem with Cisco's IP Phone firmware except for the Symbiotes technology or rewriting the firmware."
Cisco was unavailable for comment at the time of publication.
The Symbiotes technology refers to a system under development by the researchers, which they claim uses binary firmware analysis to identify faulty software in embedded systems.
According to the researchers, Symbiotes is designed to safeguard against malicious code injection attacks on host systems by working in tandem with the system software. "This is a host-based defence mechanism that's a code structure inspired by a natural phenomenon known as symbiotic defensive mutualism," the researchers said.
Under the system, host programs would be required to interact with Symbiotes executable files, which monitor the host for suspicious behaviour. Removing the Symbiotes would render the host useless, which the scientists believe makes for greater protection from attack.
"Symbiotes, which at runtime is required by its host to successfully execute in order for the host to operate, then monitors its host's behaviour to ensure it continues to operate correctly, and, if not, it stops the host from doing harm," the researchers said.