If you work in an office that uses the popular Cisco Unified IP Phone 7900 Series, prepare to feel violated. A couple of security researchers have published details on a security vulnerability that allows a nefarious hacker to turn the phones into eavesdropping devices. The hack allows people to listen in on private phone calls as well as nearby conversations.
The hack is executed with a small piece of hardware plugged into the local serial port of the Cisco phone. Once the device is connected to the phone, the hacker is able to execute code allowing them to remotely monitor phone calls and turn on the phone’s speaker, allowing them to listen in on conversations. Cisco has confirmed this vulnerability and has promised a fix.
Cisco has already offered a temporary software patch that blocks the hack from being executed over a network. Cisco also promises a patch to plug the hole when the hacking device is connected directly to the phone. Ultimately, Cisco promises to completely rewrite the base firmware, eliminating the possibility of this hack being used. But in the meantime, if your company uses these phones, you might want to watch what you say in front of your phone, or just unplug it from the phone jack.
[via Ars Technica]