Here's a video of Ang Cui and Michael Costello's Hacking Cisco Phones talk at the 29th Chaos Communications Congress in
Berlin Hamburg. Cui gave a show-stealing talk last year on hacking HP printers, showing that he could turn your printer into a inside-the-firewall spy that systematically breaks vulnerable machines on your network, just by getting you to print out a document.
Cui's HP talk showed how HP had relied upon the idea that no one would ever want to hack a printer as its primary security. With Cisco, he's looking at a device that was designed with security in mind. The means by which he broke the phone's security is much more clever, and makes a fascinating case-study into the cat-and-mouse of system security.
Even more interesting is the discussion of what happened when Cui disclosed to Cisco, and how Cisco flubbed the patch they released to keep his exploit from working, and the social issues around convincing people that phones matter.
We discuss a set of 0-day kernel vulnerabilities in CNU (Cisco Native Unix), the operating system that powers all Cisco TNP IP phones. We demonstrate the reliable exploitation of all Cisco TNP phones via multiple vulnerabilities found in the CNU kernel. We demonstrate practical covert surveillance using constant, stealthy exfiltration of microphone data via a number of covert channels. We also demonstrate the worm-like propagation of our CNU malware, which can quickly compromise all vulnerable Cisco phones on the network. We discuss the feasibility of our attacks given physical access, internal network access and remote access across the internet. Lastly, we built on last year's presentation by discussing the feasibility of exploiting Cisco phones from compromised HP printers and vice versa.
We present the hardware and software reverse-engineering process which led to the discovery of the vulnerabilities described below. We also present methods of exploiting the following vulnerabilities remotely.
Hacking Cisco Phones [29C3]
Zachary Zmith writes, “A Kickstarter is funding beautifully-designed and illustrated editions of classic stories, with illustrations from Paul Pope, Yuko Shimizu and Bill Sienkiewicz. They have already met their initial goal to fund a version of Algernon Blackwood’s ‘The Willows’ with art by Paul Pope. If they reach $100k, Bill Sienkiewicz will illustrate H.G. Wells’ […]
Asaf Hanuka is a celebrated Israeli cartoonist whose astonishing, surreal illustrations serve as counterpoint to sweet (sometimes too-sweet) depictions of his family life, his complicated existence as a member of a visible minority in Israel, the fear he and his family live with, and his own pleasures and secret shames — a heady, confessional, autobiographical brew that has just been collected into The Realist: Plug and Play, the second volume of Hanuka’s comics.
SOG’s $60 Sync II “wearable belt buckle” multitool isn’t the only multitool/buckle on the market, but it does add a couple very sensible innovations, like a clip-on/clip-off base that lets you use your tool without taking off your belt, and a squared-off form factor (like a pair of folding travel sewing scissors) that adapts the […]
If you don’t want to get stuck footing the bill for a hit and run, this dashboard-mounted camera offers up to 2K resolution to make sure you always have a reliable witness, and it’s available in the Boing Boing Store for 30% off it’s usual price.The PapaGo mounts unobtrusively to your windshield to see everything […]
While some people still maintain that everything in Apple’s walled garden “just works” and is immune to the rampant malware of the Windows world, the reality is different. The Mac’s growing market share has made it a much more viable target for malicious actors, and its built-in tools aren’t always enough to fix things. Drive […]
Boasting an IPX6 waterproof rating, the Trakk Bullet Ultra Compact Waterproof Bluetooth Speaker resists dust and heavy rainfall. It’s currently available in the Boing Boing Store.The Trakk Bullet offers the same wireless convenience as other portable speakers, but few are built as tough as this one. Its utilitarian construction is designed to be a totally low-maintenance […]