
Hacking Cisco Phones

Lending some credence to the idea that VOIP hacking will increase in 2008 is the hacking of Cisco phones that occurred on a hotel network earlier this year (the exploit is described here). Cisco has now confirmed that this exploit is possible (Cisco's response is here).

Eric Krapf

December 11, 2007


In its response, Cisco notes 3 conditions that must be present for the attack to be possible:

* The internal web server of the IP phone must be enabled. The web server is enabled by default.

* The IP phone must be configured to use the Extension Mobility feature, which is not enabled by default.

* The attacker must possess or obtain valid Extension Mobility authentication credentials.

Not surprisingly, Jonathan Rosenbaum of Cisco addressed some of these issues, in more general terms, at Interop in New York last October. Jonathan specifically spoke to the issue of having Web servers on phones, and said, "You've got to treat it [the phone] as a computer that's been deployed out there."

I think that's the critical point: If exploits increase, it'll be in large part because the people who deploy VOIP networks and all of their component parts treat those parts as if they're exact equivalents of the TDM gear they replace. Functionally, there may not be much change--a fact that's occasioned some grumbling and given Unified Communications advocates a marketing opening--but as these exploits show, network elements like phones are, in fact, very different animals in the VOIP world than they were in the TDM world.

About the Author

Eric Krapf

Eric Krapf is General Manager and Program Co-Chair for Enterprise Connect, the leading conference/exhibition and online events brand in the enterprise communications industry. He has been Enterprise Connect's Program Co-Chair for over a decade. He is also publisher of No Jitter, the Enterprise Connect community's daily news and analysis website.

Eric served as editor of No Jitter from its founding in 2007 until taking over as publisher in 2015. From 1996 to 2004, Eric was managing editor of Business Communications Review (BCR) magazine, and from 2004 to 2007, he was the magazine's editor. BCR was a highly respected journal of the business technology and communications industry.

Before coming to BCR, he was managing editor and senior editor of America's Network magazine, covering the public telecommunications industry. Prior to working in high-tech journalism, he was a reporter and editor at newspapers in Connecticut and Texas.