A bug involving 7900 Series IP phones from Cisco creates a means for hackers to eavesdrop on calls.

The flaw stems from security shortcomings in the Extension Mobility feature of the phones, which allows users to configure a Cisco IP phone as their own. The feature is disabled by support, which is just as well because when enabled the feature fails to encrypt signalling communications between a device and an internal web server. This, in turn, creates a means for miscreants to sniff out authentication credentials. These credentials might subsequently be misused to cut off users or eavesdrop on streaming media connections associated with calls.

In a throwback to the early days of wiretapping, successful attacks based on the vulnerability leave a tell-tale noise on the wire.

"Internal testing by Cisco also revealed that the described attack produced static noise on the IP phone while it was under attack," Cisco said in an advisory that explains the issue and details possible workarounds.

The network giant credits researcher Joffrey Czarney of Telindus with discovering the flaw. Czarney presented a paper on his research at the recent Hack.Lu 2007 security conference, which was held last month in Luxembourg. ®

Related stories

• UCSniff - VoIP eavesdropping made easy (30 September 2008)
• Compressed VoIP leaves eavesdropping clues (23 June 2008)
• Disaster recovery bug hangs up Cisco comms kit (7 April 2008)
• Cisco plugs VoIP malware loophole (15 February 2008)
• SkypeFinds another security snafu (1 February 2008)
• Skype Trojan wiretap plan leaks onto the net (29 January 2008)
• Skype blocks poison movie peril (18 January 2008)
• Cambridge University dials up VoIP (8 January 2008)
• 999 comes to VoIP (5 December 2007)
• Skype crypto stumps German cops (23 November 2007)
• Crash bug blights Cisco IP phones (22 August 2007)
• Cisco wraps up against VoIP DoS bugs (29 March 2007)
• AirMagnet bids to analyse Cisco (21 February 2007)
• Cisco aims to plug channel knowledge gap on VoIP (28 November 2006)