VirtualThreat Contributing Writer
Researchers at Columbia University have discovered a flaw in telephones that allows a hacker to turn a phone’s microphone into a sophisticated recording device. Using this flaw, an attacker can eavesdrop on conversations remotely.
Fifth-year PhD candidate Ang Cui and Columbia Professor Sal Stolfo discovered the flaw while working on a U.S. Defense Department grant for the Defense Advanced Research Projects Agency (DARPA). According to the researchers, they can remotely command a hacked phone to do anything they want. For example, they say they can activate a webcam on a phone or instruct the phone’s LED light to remain off when the phone’s microphone has been activated. This way, the eavesdropping victim won’t be alerted when their conversation is being recorded.
“On the dark side, these phones are sold worldwide,” Stolfo said. “Any government that would like to peer into the private lives of citizens could use this. This is a great opportunity to create a low-cost surveillance system that is already deployed. It’s a monitoring infrastructure that’s free, when you turn these into listening posts.”
Ang Cui, who works in the Intrusion Detection Systems Lab at Columbia University, gave a presentation on December 29th demonstrating the hack at the Chaos Communications Conference in Germany. The demonstration is appropriately titled “Hacking Cisco Phones: Just Because You Are Paranoid Doesn’t Mean Your Phone Isn’t Listening To Everything You Say”. During the presentation, Cui shows examples of Cisco phones used not only in companies and educational institutions, but also in government and military applications.
Cisco acknowledged the flaw in a statement to NBC News, but wouldn’t say how many of its phones were impacted by the hack. However, Cisco announced in a December vulnerability report, sent to paying customers, that 15 models were affected.
The company appears to be working on a fix, but the researchers still consider the flaw to be very “dangerous.”
About the author…
Chris Dougherty is a grey hat hacker and online security expert. Please visit his blog, www.VirtualThreat.com, for more excellent news and information about protecting yourself in cyberspace.
This article is offered under Creative Commons license. It’s okay to republish it anywhere as long as attribution bio is included and all links remain intact.