Feeds

Hackers turn Cisco phones into remote bugging devices

Confidential communications tapped by default

Boost IT visibility and business value

Internet phones sold by Cisco Systems ship with a weakness that allows them to be turned into remote bugging devices that intercept confidential communications in a fashion similar to so many Hollywood spy movies, SC Magazine reported.

The publication quoted consultants from Australia-based HackLabs, who said customers had lost $20,000 a day from exploits, which also included attacks that forced the devices to make calls to premium phone numbers. The consultants said the underlying weaknesses were present in the default settings and could be fixed only by making changes to the phones' configuration settings.

“The book says to shut off web services,” HackLabs' Peter Wesley was quoted as saying, referring to the manual that shipped with the phones. “Who's going to read all that.”

SC Magazine said that a Cisco spokesman advised users to “apply the relevant recommendations in manuals to secure their systems. There was no explanation why phones are by default open to the attacks described in the article. A more sensible policy might be to ship the phones with the features disabled and allow customers who have a specific need for them to turn them on.

The magazine didn't name the specific make of phone, which is also susceptible to denial of service attacks. The article is here. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Déjà vu: Virgin Media jacks up broadband prices
Screw copper phone lines, we're UNIQUE, bleats telco
NBN Co claims 96 mbps download speeds for FTTN trial
Umina trial also delivers 30 mbps uploads, but exact rig used not revealed
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
Netflix swallows yet another bitter pill, inks peering deal with TWC
Net neutrality crusader once again pays up for priority access
New Sprint CEO says he will lower axe on staff – but prices come first
'Very disruptive' new rates to be revealed next week
EE: STILL Blighty's best mobe network, says 'Frappucino' Moore
Fresh round of network stats fisticuffs possibly on the cards here
US TV stations bowl sueball directly at FCC's spectrum mega-sale
Broadcasters upset about coverage and cost as they shift up and down the dials
ROAD TRIP! An FCC road trip – Leahy demands net neutrality debate across US
You crashed watchdog's site, now time to crash its ears
Google's so smart it's discovered SHARKS HAVE TEETH
Congratulations, world media, for rediscovering submarine cable armour
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?