Flattr this!

Two weeks ago a student of intrusion detection systems for Columbia Ang Kui (Ang Cui) published a report on exploiting vulnerabilities in the kernel CNU (Cisco Native Unix) in IP-phones of Cisco 7975G, 7971G-GE, 7970G, 7965G, 7962G, 7961G, 7961G-GE, 7945G, 7942G, 7941G, 7941G-GE, 7931G, 7911G, 7906, 7971G-GE, 7970G, 7961G, 7961G-GE, 7941G, 7941G-GE and 7906.

Because of the lack of security check, calls to syscall attacker could overwrite arbitrary kernel memory fragments and run any code execution. As promised, Ang Cui reported on the hacker conference 29C3 (29th Chaos Communication Congress), which was held from 27 to 30 December in Hamburg.

In his presentation, the author shows how to exploit the vulnerability in  Cisco IP-phone to becoming undetectable. Malicious code gains root access on the system, has access to a digital signal processor (DSP) interface and device control. The student has developed a patch that makes the necessary changes to the kernel and DSP, so the IP-phone unbeknownst to the owner includes a microphone and begins covert wiretapping and recording. November 2 was released firmware upgrades for some phone models, while for the older model, the new firmware to be released, because they are out of production.

“Just because you are paranoid doesn’t mean your phone isn’t listening to everything you say,” – the motto of Ang Cui his presentation started , which can be viewed on video.

Cisco IP Phones:

Cisco CP-7940G Unified IP Phone

Cisco SPA 504G 4-Line IP Phone