Invading someone or some organizations privacy is an uncomforting thought for those on the receiving end of a security breach. For the hacker who successfully attacks a network, such a feat is a major accomplishment. Whether you’re an individual or a large organization, depending on what is compromised, this can lead to devastating effects, especially should the thief effectively cover his or her tracks.
Recently, researchers at Columbia University conducted tests to determine the integrity of a couple different network components. In one test, the security of a Cisco TNP system was tested that allowed an entire network of VoIP phones to be compromised through a single phone. Other tests conducted allowed the researchers to gain control of data sent to laser printers on a network and as well as simply locate unsecure devices on a network. This research eventually culminated in shocking presentation this last Wednesday in California.
Ang Cui, a 5th year grad student at Columbia and co-founder of Red Balloon Security, worked alongside fellow researcher Salvatore Stolfo to host a demonstration at the Amphion Forum in San Francisco explaining the exploitation process of a VoIP system. As part of a DARPA funded project, Cui was able to craft a simple circuit board which has the ability to obtain data from the microphone of the phone. This data is then transported back to a custom app he created for his phone, which was also used to control the device. Through a single phone, other phones on the network could be easily accessed and exploited. Data obtained from the attack was relayed through Google Speech to Text and displayed in real time as part of the demonstration.
Cui actually went a little further and explained how other small loopholes in security, like a lack of unique authentication, could allow him to access certain VoIP phones without the need to physically access a phone. He had another trick up his sleeve which allowed him to access the soft switch that turns of the microphone and speaker when at rest. He called this the “fun-tenna.” By doing so, he can simply listen in on a conversation being held near a phone – picking up everything said through the microphone – unbeknownst to those in the room.
Cisco addressed his findings very quickly by developing patches which are available to existing customers and will be available to the masses in January. Fortunately, this “attack” was conducted as research to help strengthen security efforts. Such an example should be taken seriously by companies that utilize VoIP. Though only about 1 in every 5 organization that was tested had exploitable security breaches, that number is still a significant amount of businesses which are not secure. It would be wise for businesses to greet this research with strong consideration by taking a more thorough look at the security of their communication system.