Cisco VoIP phones can be turned into "listening posts"

PhD student Ang Cui and computer science professor Salvatore Stolfo at the Columbia University Engineering school found that the entire range of 14 Unified IP Phone models from Cisco can be easily compromised. At a recent conference on the security of connected devices, Cui demonstrated how to insert malicious code into a Cisco VoIP phone and start eavesdropping on private conversations – not just on the phone but also in the phone’s surroundings – from anywhere in the world. VoIP phone webcams can be used to add a set of eyes to the spy effort as well.

To be sure, corporate espionage is the first ramification that springs to mind, but the issue doesn’t stop there. “Any government that would like to peer into the private lives of citizens could use this,” Stolfo told NBC. “This is a great opportunity to create a low-cost surveillance system that is already deployed. It's a monitoring infrastructure that's free, when you turn these into listening posts."

Making things worse is the fact that it’s not just Cisco phones that are at risk. “All VoIP phones are particularly problematic since they are everywhere and reveal our private communications,” said Stolfo, in the research overview. “It’s relatively easy to penetrate any corporate phone system, any government phone system, any home with Cisco VoIP phones – they are not secure.”

Multiple vulnerabilities in the firmware on the phones and in embedded systems distributed throughout VoIP networks are to blame, and although Cisco has moved to patch the flaw in the phone itself, Cui said the remedy is ineffective.

“It doesn't solve the fundamental problems we've pointed out to Cisco," he explained.

Cisco said that it is working on a second fix. A spokesman told Computerworld that Cisco “has its A-Team working on mitigations and a permanent patch.” The company plans to issue a security advisory and a detailed mitigation document later this week, he added.

Cui is skeptical of a patch-based approach: "We don't know of any solution to solve the systemic problem with Cisco's IP Phone firmware except for the Symbiotes technology or rewriting the firmware," he said.

That new Software Symbiotes defense technology is designed to safeguard embedded systems from malicious code injection attacks into VoIP systems, including routers and printers. The researchers have built the Symbiotes to be analogous to organic symbiosis, like the shark/remora-style mutual protection relationship – hence the name.

“This is a host-based defense mechanism that’s a code structure inspired by a natural phenomenon known as symbiotic defensive mutualism,” Cui said. “The Symbiote is especially suitable for retrofitting legacy embedded systems with sophisticated host-based defenses.”

The Symbiote at runtime is required by its host to successfully execute in order for the host to operate, then monitors its host’s behavior to ensure it continues operating correctly. If it doesn’t, it stops the host from doing harm. Removal, or attempted removal, of the Symbiote renders the host inoperable.

Symbiotes extract computational resources (CPU cycles) from the host while simultaneously protecting the host from attack and exploitation, explained Cui. “And, because they are by their nature so diverse, they can provide self-protection against direct attack by adversaries that directly target host defenses.”

The applications extend beyond VoIP. “The beauty of the Symbiote,” said Cui, “is that it can be used to protect all kinds of embedded systems, from phones and printers to ATM machines and even cars – systems that we all use every day.”

What’s hot on Infosecurity Magazine?