Global Online Community
VoIP Routers Featured Article
December 20, 2012
VoIP Phones Can Be Hacked: Grad Student Latest to Unveil Security Challenge
By Peter Bernstein, Senior Editor
If you go to Google (News - Alert) and type in “hacking VoIP phone systems,” it can be depressing. The first is the number of entries. Second and third are how long this has been a problem, and the fact that no vendor seems immune. And, because of its IP PBX market leadership you will see that Cisco (News - Alert) has a big target on it but they are not alone.
For example, last year, the HackLabs cracking demonstration of a VoIP hacking workshop at the AusCERT security conference in Australia, featured a Cisco phone being compromised. The demo showed how virtually any VoIP phone remains vulnerable to popular hacking techniques which means that:
Bjoern Rupp, GSMK CryptoPhone's CEO, noted at the time that VoIP phone systems could become networked listening devices, wire tapped remotely or silenced. His point was that VoIP phones are purpose-built computers and therefore need to be protected, just like other computers and currently they come up lacking. They have been, as the Google search points out, for quite some time even as the nature of the security weak spots have evolved.
The latter point was highlighted by a demonstration at the recently held Amphion Forum conference by fifth year grad student Ang Cui from the Columbia University Intrusion (News - Alert) Detection Systems Lab. Using a Cisco phone, he demonstrated that by removing a small external circuit board from the phone’s Ethernet port anyone using a smartphone could capture every word spoken over that VoIP phone even though the VoIP phone was “on-hook.” And, the story gets worse.
According to Cui, not only was the secret in being able to patch the phone’s software with arbitrary pieces of code enabling him to turn the Off-Hook Switch into what he called a “funtenna,” he also claimed he could also do this remotely and without the need to insert a circuit board at all.
It probably does not need to be said, but once one phone is compromised the potential is there for the entire phone network to be so as well. It probably also should go without saying that this means all of the elements of your VoIP solution, not just the phones, need to be following best practices to mitigate the risks of security problems.
In fact, it is for this reason that when dealing with vendors of VoIP solutions you need to make sure they are providing great support. For example, Patton, who provides a comprehensive set of VoIP routers and gateways, has lifetime free basic support for its hardware like the SmartNode™ VoIP solutions, free upgrades for the software, as well as a premium support package. Whomever the vendor, training and consultative services need to be on your consideration list, since clearly when it comes to VoIP it is better to be safe than sorry.
Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO Miami 2013, Jan 29- Feb. 1 in Miami, Florida. Stay in touch with everything happening at ITEXPO (News - Alert) (News - Alert). Follow us on Twitter.
Edited by Peter Bernstein
VoIP Routers Resources
Agilis Replaces Proprietary Obsolete IP System with State of the Art Open Standard 3CX Phone System 3CX Phone System Delivers Mission Critical PBX which Offers Unified Communications Features.
Patton and Elastix Announce Mutually-Certified Unified Communications Solution at IT Expo Kicking off a strategic partnership that delivers a fully-integrated Unified Communications solution with superior stability and intelligence, Elastix announces mutual certification for its open-source iPBX software and Patton's SmartNode VoIP IADs at ITExpo this week.
IP-Only Selects MigraX to Supply SmartNode VoIP Gateways For the mission of transitioning customers to IP telephony without replacing existing analog switches and devices IP-Only has handpicked MigraX as the supplier of choice.
Acropolis Telecom and Patton-Inalp: a lasting�and high—precision—partnership! Patton-Inalp, the expert in network access equipment, connectivity, VoIP and mobile video surveillance was established in 1984 by the Patton brothers. The multinational company designs and manufactures voice and data communications equipment for carrier, enterprise and industrial networks worldwide.
VoIP Routers Related ArticlesMore on VoIP Routers »