Security Researcher Demonstrates Enterprise VoIP Phone Hack at Recent Amphion Forum

During the recent Amphion Forum, a conference where device and mobile security experts from different disciplines gather, Ang Cui, a fifth-year grad student from the Columbia University Intrusion Detection Systems Lab, demonstrated how connected devices such as networked printers and VoIP phones can be easily hijacked to give intruders virtually unlimited remote access to extremely sensitive information and allow them to eavesdrop on private conversations. The Amphion Forum is hosted by Mocana, a leader in device and mobile security.

Using a common Cisco-branded VoIP phone, Cui inserted and then removed a small external circuit board from the phone’s Ethernet port—something Cui asserted could be easily accomplished by a company visitor left unattended for a few seconds—and starting using his own smartphone to capture every word spoken near the VoIP phone, even though it was still ‘on-hook.’ While he did not specify the precise vulnerability, Cui said it allowed him to patch the phone’s software with arbitrary pieces of code, and that this allowed him to turn the Off-Hook Switch into what he called a “funtenna.” According to Cui, once one phone is compromised, the entire network of phones is vulnerable. Cui later said he could also perform a similar exploit remotely, without the need to insert a circuit board at all.

The vulnerability Cui demonstrated was based on work he did over the last year on what he called ‘Project Gunman v2’, where a laser printer firmware update could be compromised to include additional, and potentially malicious, code. With this, it becomes possible to remotely compromise a printer located within the organization’s firewall and eavesdrop on documents being printed or stored, without ever setting foot on the premises. The compromised printer could then be used to launch other attacks on the internal network. The demonstration at the Amphion Forum in San Francisco took such an attack even further.

Cui pointed out that current security solutions don’t work with embedded systems like VoIP phones and printers and code signing isn’t enough. “Signing files doesn’t make the files secure,” Cui said.

He also said that routers, printers and phones are general-purpose computers without host-based intrusion systems or antivirus protection built in, so they make attractive targets. Further, they often lack encryption for data in motion or at rest.

Cui’s research was carried out as part of a DARPA CRASH (from the I2O office) and IARPA Stonesoup Program, and he recently briefed agencies of the U.S. federal government about the potential for a serious attack on all its Cisco Unified VoIP phones.

“The VoIP phone vulnerability demonstrated at the Amphion Forum was a stark reminder of the need to address the device security mess. The sad fact is that most devices connected to corporate networks, like printers and VoIP phones, are almost totally unsecured,” said Kurt Stammberger, CISSP, vice president of market development at Mocana and chair of the Amphion Forum. “The Amphion Forum is a unique event where thought leaders from academia, business, government and technology can gather to discuss the threats and opportunities presented by the unprecedented proliferation of mobile and connected devices that are creating the Internet of Things.”

The Amphion Forum was founded to provide a medium for stakeholders in the smart device economy to share solutions and forge a clear direction for the future of the Internet of Things. The most recent event was held in San Francisco on December 5 and attracted more than 350 participants and thought-leader presenters, making it the largest and most successful Amphion event since it was founded in 2011. Event organizers believe that by fostering a World Economic Forum-type environment, where big thinkers can share ideas for some of the most pressing issues facing the global device infrastructure, safer medical electronics, increased energy security and more secure industrial automation.

Posted on Dec 12, 2012  Reviews | Share |  Digg
Filed in:

  All brand, company, and product names are trademarks or registered trademarks of their
  respective owners. © 2012 VoIP Monitor. All rights reserved. Privacy Policy  Terms