Cisco VoIP Phones Part of Security Weakness Demo

News

Added 14th May 2011

Ellen Messmer

At an upcoming conference in Australia, security firm HackLabs is expected to demonstrate how hackers perform VoIP attacks and identify weaknesses in Cisco and other manufacturers VoIP phones.

Top 5 things to do before buying more security technology

HackLabs director Chris Gatford has not responded to questions about exactly what type of Cisco VoIP phones and systems will be subject to close examination for security weaknesses. The AusCERT 2011 presentation that HackLabs will do next week is described as "a one-day tutorial" of intensive, hands-on training in which "participants will learn how hackers perform VoIP Attacks and how to remediate common vulnerabilities. Attendees will learn how hackers can methodically gain entry access to an organization's telephony systems to steal information and abuse services."

The conference session description says the HackLabs attacks will focus on Cisco phones, Cisco Call Manager and Microsoft Office Communicator.

A spokesman for Cisco says the company has "reached out to the conference organizers and speakers for more details. At this point we have no information to suggest any undisclosed product vulnerabilities, but we will assess any new information and respond in line with our well-established process for the public reporting of security vulnerabilities," which are identified here.

The Cisco spokesman adds, "It's important to note that the presenters' public comments reference the importance of securing IP phones in line with the manufacturer's installation and configuration recommendations, and we support this message and recommend it as best practice for our customers."

Demonstrations by security firms on how to attack VoIP phones in order to gain unauthorized use or attack the VoIP network and endpoints is nothing new. Many Black Hat Conference demonstrations in the past have focused on this as a topic.

At AusCERT 2011 next week, HackLabs, which specializes in penetration testing, could stick to discussing "implementation mistakes" or might disclose new information about vulnerabilities that would require remediation of VoIP equipment in some way.

latest news

Gearing IT for the Rains: What CIOs Need to Know

Here's how CIOs can prepare their organizations for monsoons, when faced by flooded basements, stranded employees, and disrupted services.
Why Microsoft Office for iPad is Inevitable

New reports have surfaced that Microsoft is developing Office apps for iOS and Android. If true, it's a very smart move by Microsoft.
Mobile Workers Work Longer Hours

Almost two-thirds of mobile employees say they are working 50 to 60 hour-plus weeks, with most working weekends too, according to research.
IBM: Only 16% CEOs Using Social Media to Connect with Customers

IBM says a study it did of some 1,700 Chief Executive Officers worldwide found that many indeed - or should be -- grasping social media as a key enabler of collaboration and innovation.

View all news

news

Facebook Stock Slumps for Third Day

Pre-IPO frenzy definitely over as social net's stock sinks below $32 a share.

articles

In the Hot Seat: Interviewing a Top-notch CSO

One man’s adventure into the interviewing process for a CSO position.

CEO interview

R. S. Sodhi

MD, Amul

R. S. Sodhi, MD, Amul, says without IT it would be difficult for Amul to source its products from rural India, and cater to the country's smaller towns.

mentors

Manish Choksi

Chief-Corporate Strategy & CIO,Asian Paints

The Next Wave

Social media and mobility are sweeping across corporate IT promising to bring tectonic shifts in the way IT is consumed.

case studies

Hikal Profits from a Technology that Failed in 2008

How do you convince management to invest in a technology project that's already failed? Hikal's IT leader has the answer.
- Falgun ShuklaSr. GM-IT, Hikal