Chris Dougherty, Contributor
Researchers at Columbia University have discovered a flaw in telephones that allows a hacker to turn a phone’s microphone into a sophisticated recording device. Using this flaw an attacker can eavesdrop on conversations remotely.
5th year PhD candidate Ang Cui and Columbia Professor Sal Stolfo discovered the flaw while working on a U.S. Defense Department grant for the Defense Advanced Research Projects Agency (DARPA). According to the researchers, they can remotely command a hacked phone to do anything they want.
For example, they say they can activate a webcam on a phone or instruct the phone’s LED light to remain off when the phone’s microphone has been activated. This way the eavesdropping victim won’t be alerted when their conversation is being recorded.
‘On the dark side, these phones are sold worldwide,’ Stolfo said. ‘Any government that would like to peer into the private lives of citizens could use this. This is a great opportunity to create a low-cost surveillance system that is already deployed. It’s a monitoring infrastructure that’s free, when you turn these into listening posts.”’
Ang Cui, who works in the Intrusion Detection Systems Lab at Columbia University, gave a presentation on December 29th demonstrating the hack at the Chaos Communications Conference in Germany. The demonstration is appropriately titled “Hacking Cisco Phones: Just Because You Are Paranoid Doesn’t Mean Your Phone Isn’t Listening To Everything You Say”.
During the presentation Cui shows examples of Cisco phones used not only in companies and educational institutions, but also used in government and military applications.
Cui, has spent the last five years thinking about ways to defend embedded systems against exploitation. Last year he gave a detailed presentation describing a method to use a printer as a launching point to attack a corporate network. For the purpose of attacking a phone, he has created a little device called the th1ngp3wn3r (pronounced Thing Powner) kit. The researcher says this small gadget can be attached to a single Cisco IP phone and then used to turn an entire company’s network into a sophisticated bugging device within seconds.
|Th1ngP3wn3r kit : Cisco Hacking Device – This small gadget can be attached to a single Cisco IP phone and then used to turn an entire company’s network into a sophisticated bugging device within seconds|
Cisco acknowledged the flaw in a statement to NBC News, but wouldn’t say how many of its phones were impacted by the hack. However, Cisco announced in a December vulnerability report sent to paying customers that 15 models were affected.
The company appears to be working on a fix, but the researchers still consider the flaw to be very “dangerous.”
Chris Dougherty is a grey hat hacker and online security expert. Please visit his blog, www.VirtualThreat.com, for more excellent news and information about protecting yourself in cyberspace.