Cisco Phones Found Vulnerable to Eavesdropping, Hacking

High-tech telephones common on many workplace desks in the U.S. can be hacked and turned into eavesdropping devices, according to researchers at Columbia University.

The hack, demonstrated for NBC News, allows researchers to turn on a telephone’s microphone and listen in on conversations from anywhere around the globe – requiring only an Internet connection, NBC reports.

Doctoral candidate Ang Cui and Columbia Professor Sal Stolfo discovered the flaw while working on a grant from the U.S. Defense Department, say they can remotely order a hacked telephone to do anything they want and use software to hide their tracks, the article says. For example, they say they can turn on a webcam on a phone equipped with one or instruct the phone’s LED light to stay dark when the phone’s microphone was turned, so an eavesdropping subject would not be alerted that the phone had been hacked.

The flaw involves software running on Cisco’s popular Internet Protocol telephones. Cisco acknowledged the flaw in a statement to NBC News, but wouldn’t say how many phones were impacted. In December, Cisco listed 15 phone types impacted the by the problem.

Cisco indicated in a statement that the company is working on a fix, but the firm told NBC that it plans to issue a security bulletin next week. Stolfo says he is “very worried about the speed with which Cisco is handling this.”

You can read the full report here at NBC News.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.