The growing move toward VoIP and similar communications technologies has left a lot of users considering Cisco (News - Alert) hardware as a way to connect their business to those they need to get in contact with or those who need to get in contact with them. The thought that their phones could actually be used against them as tools of espionage likely never even entered the equation. However, a recent development from the Chaos Communications Congress showed, with the closing of 2012, that hacking Cisco phones and turning them into spies was surprisingly simple...and potentially disastrous.
The presentation showing just how easily a Cisco phone could be turned against its masters was staged by Ang Cui, a computer science PhD candidate at Columbia University, and Michael Costello. In said presentation, the duo demonstrated that by inserting a piece of code measuring only 900 bytes in size into a Cisco phone, they could listen in on any conversation held on that device from anywhere in the world. What's more, the affected phone could in turn affect every device on the network, making every phone in the office a spy.
The duo then demonstrated a device specifically used to more easily deliver the malicious code. Dubbed the "thingp3wn3r," it connects easily to the RJ11 serial port of any Cisco phone and adds its code.
Cisco, for its part, is already working on rewriting the firmware in such a fashion as to remove this security vulnerability with the hopes of having it ready for widespread consumption by January 21. According to reports, however, it's not just Cisco phones that should be concerned. While it's bad enough that Cisco has this vulnerability--Cisco phones are found in such places as Air Force One, the White House, and in businesses of all sizes all over the country--all VoIP-based phones may have a similar flaw in their own systems.
For those with Cisco phones, this flaw likely will weigh heavily on them. But one thing that doesn't need to weigh heavily is maintenance. Firms like XSi offer some excellent alternatives to the standard Cisco SMARTnet maintenance structure, proving simple contract management with a single agreement, flexible payment plans, support for hardware and software alike beyond the EOL/EOS laid out by Cisco, and more besides, all at costs that reportedly represent savings beyond those of Cisco's deepest discounts.
No matter what approach users take for protecting their phones, their phone systems, and the information transmitted by same, the important takeaway in all this is that taking the steps necessary to protect these things is of vital importance to any operation. Controlling the flow of information keeps a business operational, and failing to do so may well cost the business its ability to operate at all.
Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO Miami 2013, Jan 29- Feb. 1 in Miami, Florida. Stay in touch with everything happening at ITEXPO (News - Alert). Follow us on Twitter.
Edited by Rachel Ramsey