Joined: Feb 2005
Posts: 12,349 Likes: 4
Member
Wow! Times have sure changed. Used to be that someone had to break in and plant a bug in a room. Thanks to Crisco's advanced technology, think of the trouble it will save spies and terrorists. Hats off to ya!
-Hal
CALIFORNIA PROPOSITION 65 WARNING: Some comments made by me are known to the State of California to cause irreversible brain damage and serious mental disorders leading to confinement.
Joined: Aug 2005
Posts: 131
Member
Think about how remote this actually is. In order for a sniffer to work you either have to have a SPAN session set up or you have to do inline packet sniffing. You can't just hook a packet sniffer up to the switch; all you see are broadcasts from the VLAN you are on.
For attackers to exploit the vulnerability, the internal Web server of the IP phone must be enabled, which is a default setting. The IP phone must also be configured to use the Extension Mobility feature, which is not a default setting. In addition, the attacker must have valid Extension Mobility authentication credentials. An attacker could procure authentication credentials by gaining physical access to the network and inserting a sniffing device between an IP phone and switch port, according to the alert.
Joined: Aug 2004
Posts: 9,171 Likes: 18
Admin
Remote yes but easily doable. I've done projects where security implements consist of optical isolators between rooms and vibrating pads on window panes to prevent parabolic antennae pickups from the parking lot. Had an interesting gentleman show up with a PC and aerial device looking for spurious RF conversations. I don't think those guys will buy "think about how remote it is."
Joined: Aug 2005
Posts: 131
Member
If you need this type of security turn off the internal web server or write an ACL for port 80.
Joined: Feb 2005
Posts: 12,349 Likes: 4
Member
If you need this type of security turn off the internal web server or write an ACL for port 80.
Or how about sticking to legacy systems where you don't have to worry about this BS.
-Hal
Joined: Jun 2007
Posts: 2,106
Member
I think it'd be easier to tap into a legacy system. All you need is a buttset and access to the pole or pedestal. A T1 would complicate that a little more but you could still easily overcome that. I guess the difference is physically breaking into something vs. electronically breaking into it.
But from a practicality standpoint the skills needed to "tap" a VoIP signal are a lot harder to obtain (and utilize) than the skills to tap a POTS/TDM line. Bottom line is if someone wants in and they have enough know-how, they are getting in.
Granted, in the Cisco case, assuming the network was openly vulnerable, and the conditions were correct on the phone, they pretty much hand-deliver the convo on a silver platter.
Joined: Aug 2004
Posts: 9,171 Likes: 18
Admin
True...they don't send petty thieves to intercept voice communications. Every system has its weak points. Just don't send a guy with a TS22 butt set to tap a system with a PRI.
Joined: Feb 2005
Posts: 12,349 Likes: 4
Member
Not talking about tapping into a system here. We are talking about hacking into a system from outside and turning a phone into a bug to monitor the conversations in an office or room.
-Hal
Joined: May 2007
Posts: 5,058 Likes: 5
Moderator-1A2, Cabling
A long time back (so many of my posts seem to start with that these days) I worked as an installer on a fairly large job we did for Bond's Clothing Stores here in NYC.
Bond's was a medium to high priced store here in the city with quite a few stores. They had an ITT 400 PBX and a PAX system that we had put in years before. The presence of the PAX board was a legacy dating back to their days with NY Tel when their phone system was a set of plug boards. With those systems inter-office communications was difficult so a lot of people went to private intercom-only systems.
Anyway, I got the job of converting the President of Bond's PAX phone (a green 500 set) to A-Lead control, so the line could appear on his KV set.
When I opened the phone I found a box the size of a box of matches inside the phone. The yellow wire of the mounting cord was attached to what appeared to be an antenna (I guess to give it a little more range).
It took me a minute to understand what I was looking at. I got the foreman, he got the Security Director, I told my story and that was the last I saw of it.
A few years later in an ad agency I found a piece of x-connect wrapped around the pins on one guy's 66 block. It went up into the ceiling, into a co-worker's office, into a desk drawer and connected to a tape recorder.
Point was - you had to break into the offices to bug the room. Not sit safe at home with your extra large size bag of Cheetos and jumbo size Jolt cola and hack your way in.
Sam
"Where are we going and why are we in this hand basket?"
Joined: Jun 2005
Posts: 512
Member
It doesn't matter, either way both systems can be hacked. It is what it is, and nobody can change the surge of VOIP and the fact that it is here to stay. You can bad mouth it, find faults, but it doesn't matter, it is here and will eventually be the only source of telecom, until the next thing takes over.