Ciscomania Forums  

Phone aren't safe either, Hackers say.

This is a discussion on Phone aren't safe either, Hackers say. within the CCSP forums, part of the category; Hacking VoIP is easy, says John Kindervag, and it gets you well past the phone. Using penetration tests propounded by ...

Reply
 
LinkBack Thread Tools Display Modes
Old 28th October 2007, 05:10 PM   #1
Administrator
 
admin's Avatar
 
Join Date: Jul 2007
Location: New York
Posts: 19
Rep Power: 10
admin has disabled reputation
Lightbulb Phone aren't safe either, Hackers say.

Hacking VoIP is easy, says John Kindervag, and it gets you well past the phone. Using penetration tests propounded by a tool called VoIP Hopper, he and partner Jason Ostrom got well past the phone into the corporate systems that support it from hotel rooms, corporate offices and so on.
“The whole catalyst behing VoIP Hopper is we were in a hotel room with a Cisco phone,” Ostrom says. “We were (able to get) into the (hotel's) corporate network and got access to their financial and corporate network and recorded other phone calls.”
Of course, he says, they destroyed the data after the attack. Using “a really advanced hacker technique,” - unplugging the phone and plugging in a PC, VoIP hopper mimics the Cisco data packets sent at three minute intervals and then trades a new Ethernet interface, getting the PC into the network running the VoIP.
“People tell us VoIP is secure by default,” Ostrom says. “But a regular PC should never have access to it.”
The configuration used by Avaya is superior to Cisco, they say, because you have to send requests beyond a sniffer. But it can be breached the same way, by unplugging the phone and plugging in a PC. Most VoIp users aren’t set up to keep their data secure from an attack launched through VoIP.
“In seven environments that we looked at, not one customer had a firewall between voice and data,” Ostrom says. “We’ve toasted so many of these networks it’s not funny. VLAN is never, never a secure network.”
__________________
-Admin
www.Ciscomania.net
Offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On






1 2 3 4 5 6 7 8 9 10