Cisco IP Phones Vulnerable to Eavesdropping Attacks

[Guest]

Using a VoIP phone could potentially expose you to unexpected risk, as researchers claim to have discovered "many" vulnerabilities that open a VoIP device up to eavesdropping vulnerabilities.

Cisco IP Phones Vulnerable to Eavesdropping Attacks : Read more

 

[iniudan]

For those that actually want the detail, here the video of the conference, which is much less alarmist, then this news feed, Also the vulnerability only affect certain model (forgot where it is, so no link)

http://www.youtube.com/watch?v=f3zUOZcewtA&list=FL1pPBE8BFl2wRg_Bd2zWLpA

 

[LORD_ORION]

Kind of lame, because if you can look at packets and decipher where the phone actually is to attack it, you can very likely just listen in to the RTP packets anyways.

Regardless, fail to use TLS with SIP and people will find where you phone is if they can read the packets. Fail to use SRTP and anyone who can read the packets can record and/or listen.