Cisco Phones Hacked: Remotely listen in via hacked VoIP Phones

Can you imagine your voice being heard from miles away, even you are talking with someone verbally and that is too your phone on flight mode? Well, you would be shocked that it could be done with quite ease, especially, if you are having a Cisco phone nearby. Cisco phone was recently hacked and while hacking the phone hackers gave a clear idea of how Cisco phones with ease could be controlled remotely for miles away, in the demo they described how the microphone of the phone could be opened remotely and if the phone has a webcam what can be done with it.

A Colombian University professor told how this hack could be made beneficial in these words:

“Any government that would like to peer into the private lives of citizens could use this. This is a great opportunity to create a low-cost surveillance system that is already deployed. It’s a monitoring infrastructure that’s free, when you turn these into listening posts.”

But, at the same time he also demonstrated how this phone could serve as a medium of hacking not only for the other phones but for the nearby computers and devices too. He said a hacked Cisco phone can lead to the hacking of all the phones on the network and also other devices too. He explained how in actual term all this works like in these words:

“We could turn a phone into a walkie-talkie that was always on by rewriting its software with 900 bytes of code. Within 10 minutes, it could then go on to compromise every other phone on its network so that you could hear everything,”

Though, Cisco had launched a patch remove affects of this hack and not allow eavesdropping to take place. But, the Colombian university professor said:

“We don’t know of any solution to solve the systemic problem with Cisco’s IP Phone firmware except for the Symbiotic technology or rewriting the firmware.”

But, Cisco officials said:

“A-Team is working on mitigation and a permanent patch. The company plans to issue a security advisory and a detailed mitigation document later this week.”

Those you who want to know how this hacking is carried out can see the Colombian University researcher’s PDF on this particular hack. In this PDF presentation, they have showed a device in the above picture known as “thingp3wn3r” is connected to a serial port and install a malware into it. They also showed this particular hack worked so do have a look at the presentation.


Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.