• On GameSpot: Nintendo 3DS: $250?
February 17, 2008 5:41 AM PST

Hacking the lobby telephone

by Robert Vamosi

WASHINGTON--Two security researchers at ShmooCon demonstrated on Saturday how a laptop connected to a VoIP telephone could, in some cases, expose a business' internal network to outsiders.

John Kindervag, senior security architect for Vigilar, said that public waiting areas in hospitals, conference rooms, and hotel rooms are particularly vulnerable to this attack since often there is no IT staff around. Appearing on stage at the East Coast computer hacker conference with Kindervag was Jason Ostrom, manager of Vigilar's Vulnerability Assessment and Compliance Practice team, who used the ShmooCon conference to show off his latest version of VoIP Hopper, a tool he uses for penetration testing of companies that are running voice over IP phone systems.

Kindervag said that VoIP was gaining acceptance with large companies and organizations for many reasons: there are no toll calls over the Internet; there's less cabling involved; employees can move offices without having to rewire or change switching operations for their phones; and finally, voice mail notices can appear in one's Outlook inbox. "This is very popular among CIOs," Kindervag said.

But Ostrom's tool allows one to hook up a laptop computer to a public VoIP phone and connect to the company's or organization's internal network with full administrator access. VoIP Hopper can be used to intercept Cisco Discovery Protocol (CDP), which announces the device type and the SNMP agent address of neighboring devices, and automatically create a new ethernet device. This could allow someone to map or otherwise do damage to a company's network from a public waiting area. The tool also allows one to physically remove the phone and have a laptop spoof the phone's MAC address, so the network is unaware that a laptop has replaced the expected phone.

To prevent such attacks, the researchers recommend turning off CDP. They also recommend disabling port 2 on any public VoIP phone, and include the public phone within a firewall.

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
Topics:

Criminal Hackers,

Security

Tags:

security,

Shmoocon,

Cisco,

John Kindervag,

Jason Ostrom,

Vigilar,

lobby phone,

CDP

Share:
Digg
Del.icio.us
Reddit
Recent posts from Defense in Depth
Window Snyder to leave Mozilla
How to handle ID fraud's youngest victims
Is white listing going mainstream?
How Live OneCare changed the antivirus landscape
Express Scripts clients threatened with extortion
Study: DDoS attacks threaten ISP infrastructure
Security expert talks Russian gangs, botnets
Extortion used in Express Scripts database breach
Related
Security researcher demonstrates ATM hacking
Tech firms warn privacy bill will harm economy
CTIA sues SF over cell phone radiation law
Hackers to flock to Black Hat, Defcon this week
Cell phone chats--in the Australian Outback?
Google Voice's Skype competitor leaked? Unlikely
App Genome Project eyes iPhone, Android security
Black Hat shines light on security (roundup)
Add a Comment (Log in or register)
Never stop reminding us !
by vminvic February 17, 2008 11:46 AM PST
It is good to see yet another article publicising the risks of wireless devices - especially network connected ones. The number of people who just buy things like routers, plug them in, and start using them without second thoughts, is enormous. A ripe environment for crimal behaviour exists. If it broadcasts on radio frequencies - BE NERVOUS. Experise is important if employing these devices. If in doubt - stick to wires.
Reply to this comment
Cisco's security flaw is NOT limited to wireless ...
by PiratePete February 17, 2008 1:02 PM PST
Cisco's security vulnerability is not only for wireless networks, Cisco has a security issue on their wired VoIP systems as well.

Their discovery protocol offers hackers a way to potentially infiltrate a corporate LAN from outside of the typical security ring.
advertisement
CNET River

What the iPhone jailbreak ruling means

faq The practical impact of a new Digital Millennium Copyright Act ruling may be limited because Apple's end user contract still restricts jailbreaking.

Redesign for Terrafugia's flying car

A successful test flight of a prototype Terrafugia vehicle has led to structural improvements just unveiled. The company hopes to start shipping late next year.

About Defense in Depth

Covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews of the top security researchers, as well as offering the hands-on, nontechnical advice you'll need to stay safe online.

Add this feed to your online news reader

Defense in Depth topics

advertisement
Click Here
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
CES 2010
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET API
About CNET