Pin It

Voip : ( Cisco will fix to a flaw in its new IP phones ) :

meil | 13:53 |

It seems there is still noise on the line of Cisco VoIP phones, victims of a fault. The fix proposed by the supplier does not solve the problem and quickly grows to propose another. This vulnerability is one of many discovered by Slavatore Stolfo, professor of computer and Ang Cui, PhD student in the engineering department of Columbia University. The two researchers, who received funding from DARPA (Defense Advanced Research Projects Agency), analyzed the firmware Unix Cisco phones. They discovered that it was possible to listen to conversations trafficker IP phone 7900 series with software version 9.3.1-ES10.

Their attack was presented at the conference of the Chaos Computer in Hamburg last month. This feat is anonymous, the user does not know he is spied, said the scientists. The attacker can trigger the microphone and record conversations. For their demonstration, Ang Cui has developed a small device wired it calls "thingp3wn3r." This injects the attack code by connecting the RJ11 port on the phone. He then interacted with the remote module via a mobile phone and the Bluetooth connection. Both experts say that the phone could be attacked directly penetrating the corporate network.

Thingp3wn3r module used to attack

Expected a permanent fix and defense technology in preparation

The supplier said that its A-Team (in charge of security issues) working on mitigation and a permanent fix. Cisco plans to release this week a security advisory and a detailed document against measures. In the first security bulletin, the American group described the flaw as a validation error system calls made ​​by the kernel terminal.

A solution is provided by Ang Cui, who worked on defense technology called "software symbionts." It was created to protect embedded systems such as printers or routers against code injections. The researcher plans to demonstrate in a forthcoming conference.

Category:

About https://maroc-promotions.blogspot.com/:
maroc-promotions.blogspot.com Is A Site For News Of Telecom ...!