[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] Hacking the lobby telephone

To: isn@xxxxxxxxxxxxxxx
Subject: [ISN] Hacking the lobby telephone
From: InfoSec News <alerts@xxxxxxxxxxxxxxx>
Date: Wed, 20 Feb 2008 00:37:15 -0600 (CST)
Delivered-to: isn@xxxxxxxxxxxxxxx
List-archive: <http://www.infosecnews.org/pipermail/isn>
List-help: <mailto:isn-request@infosecnews.org?subject=help>
List-id: InfoSec News <isn.infosecnews.org>
List-post: <mailto:isn@infosecnews.org>
List-subscribe: <http://www.infosecnews.org/mailman/listinfo/isn>, <mailto:isn-request@infosecnews.org?subject=subscribe>
List-unsubscribe: <http://www.infosecnews.org/mailman/listinfo/isn>, <mailto:isn-request@infosecnews.org?subject=unsubscribe>
Organization: InfoSec News - http://www.infosecnews.org/
Sender: isn-bounces@xxxxxxxxxxxxxxx

http://www.news.com/8301-10789_3-9873864-57.html

By Robert Vamosi
Defense in Depth
February 17, 2008

WASHINGTON -- Two security researchers at ShmooCon demonstrated on 
Saturday how a laptop connected to a VoIP telephone could, in some 
cases, expose a business' internal network to outsiders.

John Kindervag, senior security architect for Vigilar, said that public 
waiting areas in hospitals, conference rooms, and hotel rooms are 
particularly vulnerable to this attack since often there is no IT staff 
around. Appearing on stage at the East Coast computer hacker conference 
with Kindervag was Jason Ostrom, manager of Vigilar's Vulnerability 
Assessment and Compliance Practice team, who used the ShmooCon 
conference to show off his latest version of VoIP Hopper, a tool he uses 
for penetration testing of companies that are running voice over IP 
phone systems.

Kindervag said that VoIP was gaining acceptance with large companies and 
organizations for many reasons: there are no toll calls over the 
Internet; there's less cabling involved; employees can move offices 
without having to rewire or change switching operations for their 
phones; and finally, voice mail notices can appear in one's Outlook 
inbox. "This is very popular among CIOs," Kindervag said.

But Ostrom's tool allows one to hook up a laptop computer to a public 
VoIP phone and connect to the company's or organization's internal 
network with full administrator access. VoIP Hopper can be used to 
intercept Cisco Discovery Protocol (CDP), which announces the device 
type and the SNMP agent address of neighboring devices, and 
automatically create a new ethernet device. This could allow someone to 
map or otherwise do damage to a company's network from a public waiting 
area. The tool also allows one to physically remove the phone and have a 
laptop spoof the phone's MAC address, so the network is unaware that a 
laptop has replaced the expected phone.

To prevent such attacks, the researchers recommend turning off CDP. They 
also recommend disabling port 2 on any public VoIP phone, and include 
the public phone within a firewall.


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn

Prev by Date: [ISN] Government still suffers from information insecurity
Next by Date: [ISN] Former FEMA director Michael Brown talks disaster recovery -- including his own
Previous by thread: [ISN] Government still suffers from information insecurity
Next by thread: [ISN] Former FEMA director Michael Brown talks disaster recovery -- including his own
Index(es):
- Date
- Thread