Cisco VoIP phones vulnerable to hackers?

The HackLabs cracking demonstration formed part of a VoIP hacking workshop at the AusCERT security conference in Australia yesterday.

Its aim was to show VoIP phones and corporate IP-driven telephony systems are at risk of having their communications intercepted and confidential information leaked.

The firm adds that its demonstration also illustrates how data on these VoIP systems can be vulnerable to popular hacking techniques.

According to Bjoern Rupp, GSMK CryptoPhone's CEO, it also means that call data can be downloaded from the IP phone and VoIP conversations can be redirected, illegally recorded, or similarly manipulated.

VoIP phone systems, he claims, could turn on their users, hacked to become networked listening devices (infinity bugs), wiretapped remotely or silenced, so blacking out communications.

Businesses, says Rupp, have been putting themselves at risk by cutting corners with cheap VoIP phone technologies, neglecting the fact that modern IP phones are, in fact, specialised computers that need to be protected, just like laptops and desktops.

"This demonstration only highlights the need for comprehensive IT security policies and the 360-degree security that protects modern mobile and fixed-line phones against attacks from outside threats", he explained.

Rupp went on to say that, increasingly, phone fraudsters are being hired by rival businesses, getting insider information and critical data without ever being suspected.

"If sensitive information gets leaked, it can have disastrous financial consequences and damage business reputations", he said.

"With many corporate users having prioritised VoIP cost savings over essential communications security in the past two years, businesses should start addressing this problem now and ensure that they can protect their telephone systems and counter the threats to unencrypted voice communications", he added.

What’s hot on Infosecurity Magazine?