Sign In

Communications of the ACM

ACM TechNews

Computer Scientists Find Vulnerabilities in Cisco Voip Phones

View as: Print Mobile App Share:
Ang Cui bugging device

This device, when plugged into a single Cisco IP phone, will allow eavesdropping of conversations on a company's entire phone network, Columbia researchers say.

Credit: Columbia University

Columbia University researchers have found significant vulnerabilities in Cisco voice over Internet protocol (VoIP) telephones, and they demonstrated how they can easily insert malicious code into a Cisco VoIP phone and start eavesdropping on private conversations from anywhere in the world. The researchers are especially concerned with embedded systems that are widely used and networked on the Internet, including VoIP phones, routers, and printers, and are focused on developing new security technology to protect these systems.

"We performed this analysis to demonstrate a new defense technology, called Software Symbiotes, that protects them from exploitation," says professor Salvatore Stolfo. Software Symbiotes, which is designed to safeguard embedded systems from malicious code injection attacks, "is a host-based defense mechanism that's a code structure inspired by a natural phenomenon known as symbiotic defensive mutualism," says Columbia's Ang Cui.

The researchers say Symbiotes could be a digital life form that coexists with arbitrary executables in a mutually defensive arrangement. "We envision a general-purpose computing architecture consisting of two mutual defensive systems whereby a self-contained, distinct, and unique Symbiote machine is embedded in each instance of a host program," Stolfo says.

From Columbia University 
View Full Article


Abstracts Copyright © 2013 Information Inc., Bethesda, Maryland, USA


No entries found