Cisco Warns Serious VoIP Vulnerability Enables Eavesdropping

By Robert Westervelt
January 11, 2013 1:19 PM ET

Page 2 of 2

During the presentation, systems expert Cui showed the Cisco phone at the White House and on Air Force One. The device is not really a phone, he said, but a general purpose computer put into a plastic case to make it look like a phone. The device runs Cisco's proprietary UNIX OS and Java. It uses the SSH protocol, but "the way it's implemented makes it worse than Telnet," Cui said.

Despite being signed firmware, Cui said he found the code signing only takes place at boot time. Once the phone boots up, an attacker can log in, download any code they want and execute it from the temp directory, he said.

PUBLISHED JAN. 11, 2013

<< Previous | 1 | 2

To continue reading this article, please download the free CRN Tech News app for your iPad or Windows 8 device.

Related: Videos | Slide Shows | Comments

SHARE THIS ARTICLE

More Security

Comments by Vanilla

Recent Articles

	Head-To-Head: Symantec Vs. McAfee In Endpoint Protection McAfee and Symantec are archrivals with a firm grip on the North American security market. CRN pits both vendors' endpoint security products against each other and names a winner.
	The 8 Steps Behind The Massive $45M Cyber Bank Heist More than $45 million was stolen from banks in the U.S. and 19 other countries in a scheme that law enforcement is calling an international conspiracy to drain millions from bank accounts using stolen debit cards and PIN numbers. Here's how they did it.
	Name Of The Game: Top 10 States For Identity Theft A Federal Trade Commission report provides statistics on identity theft and fraud complaints in 2012. Learn which state has the dubious distinction of having the most victims.
	More Slide Shows