Feeds

Hackers turn Cisco phones into remote bugging devices

Confidential communications tapped by default

Beginner's guide to SSL certificates

Internet phones sold by Cisco Systems ship with a weakness that allows them to be turned into remote bugging devices that intercept confidential communications in a fashion similar to so many Hollywood spy movies, SC Magazine reported.

The publication quoted consultants from Australia-based HackLabs, who said customers had lost $20,000 a day from exploits, which also included attacks that forced the devices to make calls to premium phone numbers. The consultants said the underlying weaknesses were present in the default settings and could be fixed only by making changes to the phones' configuration settings.

“The book says to shut off web services,” HackLabs' Peter Wesley was quoted as saying, referring to the manual that shipped with the phones. “Who's going to read all that.”

SC Magazine said that a Cisco spokesman advised users to “apply the relevant recommendations in manuals to secure their systems. There was no explanation why phones are by default open to the attacks described in the article. A more sensible policy might be to ship the phones with the features disabled and allow customers who have a specific need for them to turn them on.

The magazine didn't name the specific make of phone, which is also susceptible to denial of service attacks. The article is here. ®

Secure remote control for conventional and virtual desktops

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.