Feeds

Hackers turn Cisco phones into remote bugging devices

Confidential communications tapped by default

Top 5 reasons to deploy VMware with Tegile

Internet phones sold by Cisco Systems ship with a weakness that allows them to be turned into remote bugging devices that intercept confidential communications in a fashion similar to so many Hollywood spy movies, SC Magazine reported.

The publication quoted consultants from Australia-based HackLabs, who said customers had lost $20,000 a day from exploits, which also included attacks that forced the devices to make calls to premium phone numbers. The consultants said the underlying weaknesses were present in the default settings and could be fixed only by making changes to the phones' configuration settings.

“The book says to shut off web services,” HackLabs' Peter Wesley was quoted as saying, referring to the manual that shipped with the phones. “Who's going to read all that.”

SC Magazine said that a Cisco spokesman advised users to “apply the relevant recommendations in manuals to secure their systems. There was no explanation why phones are by default open to the attacks described in the article. A more sensible policy might be to ship the phones with the features disabled and allow customers who have a specific need for them to turn them on.

The magazine didn't name the specific make of phone, which is also susceptible to denial of service attacks. The article is here. ®

Remote control for virtualized desktops

Whitepapers

10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.