PLUS, they tend to pass room audio onto the network at all times, and
it is wicked easy to re-flash the firmware in the phones remotely.
Many hotels as putting VOIP phones in the rooms and typing the
network into one big hotel network, but this allows any guest of the
hotel to listen in to the rooms of any other guests at the hotel from
anywhere inside the hotel, and in some cases room anywhere in the world.
I also STRONGLY recommend the use of an in-line traffic analyzer, or
a hub in parasitic mode (transmit circuit disabled) to see if you
have traffic on a VOIP line BEFORE you disconnect it from the switch.
-jma
http://www.networkworld.com/news/2007/112907-cisco-voip-eavesdropping.html
Cisco confirms ability to eavesdrop on remote calls using its VoIP phones
By Linda Leung, NetworkWorld.com, 11/29/07
Sponsored by:
Cisco confirmed it is possible to eavesdrop on remote conversations
using Cisco VoIP phones. In its security response, Cisco says: "an
attacker with valid Extension Mobility authentication credentials
could cause a Cisco Unified IP Phone configured to use the Extension
Mobility feature to transmit or receive a Real-Time Transport
Protocol (RTP) audio stream."
Cisco adds that Extension Mobility authentication credentials are not
tied to individual IP phones and that "any Extension Mobility account
configured on an IP phone's Cisco Unified Communications
Manager/CallManager (CUCM) server can be used to perform an
eavesdropping attack."
The technique was described by Telindus researcher Joffrey Czarny at
HACK.LU 2007 in Luxembourg in October.
Cisco has published some workarounds to this problem in its security response.
Also in October, two security experts at hacker conference ToorCon9
in San Diego hacked into their hotel's corporate network using a
Cisco VoIP phone.
The hackers, John Kindervag and Jason Ostrom said they were able to
access the hotel's financial and corporate network and recorded other
phone calls, according to a blog on Wired.com.
The hackers used penetration tests propounded by a tool called VoIP
Hopper, which mimics the Cisco data packets sent at three minute
intervals and then trades a new Ethernet interface, getting the PC -
which the hackers switched in place of the hotel phone - into the
network running the VoIP, according to the blog post.
The Avaya configuration is superior to Cisco, according to the
hackers, because you have to send requests beyond a sniffer. Although
it can be breached the same way, by replacing the phone with a PC.
http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf
----------------------------------------------------------------------------------------------------
World Class, Professional, Ethical, and Competent Bug Sweeps, and
Wiretap Detection using Sophisticated Laboratory Grade Test Equipment.
----------------------------------------------------------------------------------------------------
James M. Atkinson Phone: (978) 546-3803
Granite Island Group Fax: (978) 546-9467
127 Eastern Avenue #291 Web:
http://www.tscm.com/
Gloucester, MA 01931-8008 E-mail: mailto:jm..._at_tscm.com
----------------------------------------------------------------------------------------------------
We perform bug sweeps like it's a full contact sport, we take no prisoners,
and we give no quarter. Our goal is to simply, and completely stop the spy.
----------------------------------------------------------------------------------------------------
Received on Sat Mar 02 2024 - 00:57:27 CST