Click here to apply for any of our Training Courses

News     .     Technology Trends     .     Gadgets     .     Style


IP phones which are commonly found in offices have been proven to be susceptible and vulnerable to attacks by hackers by this

cybersecurity expert but there is a solution. According to the report, someone could use the device to remotely spy on an individual. Business Insider spoke with Ang Cui, cybersecurity expert and founder of Red Balloon Security, who discovered the exploit in a Cisco phone. Here's a look at what someone might be able to do with it and what you can do to protect yourself. Following is a transcript of the video.

Ang Cui: A hacker can actually listen to everything that's going on in the room that the phone is in regardless of whether you are on the phone call or not.

Hello, my name is Ang Cui. I am the founder and chief scientist of Red Balloon Security.

So we took a Cisco phone. We took it apart, and we looked at it not like a telephone, but like a computer. It has a handset, it has a screen, and it has a bunch of numbers you can dial, but it also runs a whole lot of very vulnerable software.

We extracted the firmware that runs on that computer, and we systematically mapped out things that look like vulnerabilities. And over the course of two and a half months, we figured out exactly where the vulnerabilities are in a portion of the system that we can reach as an attacker.

So what can someone do if they were able to exploit the software and firmware running inside your phone? Well they can certainly listen to you when you're making phone calls. They can probably figure out who you're calling and when. But it goes way beyond that.

The microphone never turns off, so the hacker can listen to every single thing that the phone hears one hundred percent of the time, without stop.

In order to pull out of this attack and a lot of the other attacks we've disclosed over the years on IP phones, you don't need physical access. You can hit this vulnerability over the network, remotely. In fact, a few years ago, we made a demonstration at DEFCON, where we got a resume to hack a printer, and then we got the printer to hack a router, and then we got the router to hack a phone. And this was all done automatically in real-time, live on stage. So it is certainly possible for an attacker to exploit the IP phone sitting on your desk behind a firewall from somewhere else on the internet.

After we got access to the microphone, we decided to do something more fun, and we feed all that data into a speech-to-text engine, and we Tweet out the output of that. So instead of having to listen to all these conversations, you can just read it on Twitter.

So this demo was produced as part of a greater research into embedded device vulnerability. And we're happy that we work very closely with Cisco in order for us to hand over the vulnerability.

We disclosed it to them, and they were able to very quickly turn around and issue a patch that fixed this specific security problem. I'm really happy to say that Cisco has updated the firmware on those phones, so that specific vulnerability is no longer there, in the IP phones that have been updated.

So there is a few problems with this. One: according to the research that we put out, very few people update firmware. This is not ... hopefully this isn't news to you. You probably, like everyone else, don't want to update all of the devices' firmware as soon as they come out. And, in fact, the world is really bad at keeping the firmware of embedded devices up-to-date.

So even if the vendor issues is a security patch for the Cisco phone, the chances that all of the world have applied this patch is very low. The second thing is this is not a special case. We looked at a number of other IP phones, and we did not find a single IP phone that didn't fundamentally have security vulnerabilities that could allow the attacker to achieve exactly where you're seeing here on those phones. So if you have an IP phone on your desk right now, chances are there are known vulnerabilities that will allow an attacker to do exactly what we're showing you as possible on the Cisco phone.



Want to Learn More About Training, Certifications, Jobs and Career For The Future? Get This Resource Today!


Make Money Fixing Smartphones and Devices? Get The Best Resource and Training...$29.50 N7000 Only @ Booksellers Bookshops in Nigeria!


Need A Consult? Click Here




0 #13 ramzi method 2018-02-15 00:14
Very nice post. I simply stumbled upon your weblog and wanted to say
that I have really enjoyed surfing around your weblog posts.
After all I will be subscribing in your rss feed and I hope you write again very soon!
0 #12 ramzi method 2018-02-14 22:46
Hi, I do believe this is an excellent website. I stumbledupon it ;) I am going to
return once again since I book-marked it. Money
and freedom is the best way to change, may you be rich and continue to guide others.
0 #11 comedique review 2018-02-14 09:19
Hello, i read your blog from time to time and i own a similar one and i was just curious if you get a lot of spam remarks?
If so how do you stop it, any plugin or anything you can suggest?
I get so much lately it's driving me crazy so any assistance
is very much appreciated.
0 #10 nub theory 2018-02-14 05:02
Hi there, every time i used to check weblog posts
here in the early hours in the daylight, since i like to gain knowledge of more and more.
0 #9 Ramzi Explained 2018-02-13 23:12
I every time spent my half an hour to read this weblog's articles or reviews daily along with a cup of
0 #8 placenta location 2018-02-13 20:07
It's hard to come by educated people in this particular topic, however, you sound
like you know what you're talking about! Thanks
0 #7 Boy Skull 2018-02-13 17:49
Thanks for finally writing about >Mondraim - Tech: A Cybersecurity expert shows how hackers can tap into an office
IP phone and listen to everything you're saying
0 #6 cosmedique 2018-02-13 14:40
Right now it seems like Wordpress is the preferred
blogging platform out there right now. (from what I've read) Is that what you are using on your blog?
0 #5 ramzi theory 2018-02-13 14:01
Hello, I enjoy reading all of your article. I like to write a little
comment to support you.
0 #4 cosmedique reviews 2018-02-13 06:07
Just want to say your article is as astonishing. The clarity in your
post is just nice and i can assume you're an expert on this subject.
Well with your permission let me to grab your RSS feed
to keep up to date with forthcoming post. Thanks a
million and please keep up the rewarding work.

Add comment

For advert enquiries, send an email to .

Also, you can click here to apply for any of our Training Courses