Here's a video of Ang Cui and Michael Costello's Hacking Cisco Phones talk at the 29th Chaos Communications Congress in
Berlin Hamburg. Cui gave a show-stealing talk last year on hacking HP printers, showing that he could turn your printer into a inside-the-firewall spy that systematically breaks vulnerable machines on your network, just by getting you to print out a document.
Cui's HP talk showed how HP had relied upon the idea that no one would ever want to hack a printer as its primary security. With Cisco, he's looking at a device that was designed with security in mind. The means by which he broke the phone's security is much more clever, and makes a fascinating case-study into the cat-and-mouse of system security.
Even more interesting is the discussion of what happened when Cui disclosed to Cisco, and how Cisco flubbed the patch they released to keep his exploit from working, and the social issues around convincing people that phones matter.
We discuss a set of 0-day kernel vulnerabilities in CNU (Cisco Native Unix), the operating system that powers all Cisco TNP IP phones. We demonstrate the reliable exploitation of all Cisco TNP phones via multiple vulnerabilities found in the CNU kernel. We demonstrate practical covert surveillance using constant, stealthy exfiltration of microphone data via a number of covert channels. We also demonstrate the worm-like propagation of our CNU malware, which can quickly compromise all vulnerable Cisco phones on the network. We discuss the feasibility of our attacks given physical access, internal network access and remote access across the internet. Lastly, we built on last year's presentation by discussing the feasibility of exploiting Cisco phones from compromised HP printers and vice versa.
We present the hardware and software reverse-engineering process which led to the discovery of the vulnerabilities described below. We also present methods of exploiting the following vulnerabilities remotely.
Hacking Cisco Phones [29C3]
Back in 2016, Naomi Kritzer won the Hugo award for her brilliant, endearing story Cat Pictures Please, in which an AI with an insatiable craving for cat pictures explains its view on the world and the way that it makes humans' lives better; now Kritzer has adapted the story into her new novel, the equally […]
Cecil Castellucci (previously) is a polymath artist: YA novelist, comics writer, librettist, rock star; her latest book, Girl on Film, is an extraordinary memoir of her life in the arts, attending New York's School for the Performing Arts (AKA "The Fame School") and being raised by her parents, who are accomplished scientists.
From the 1950s until the 1980s, Randy and Dotti Smith supplied a line of fantastic cast sculptures sold in Disney theme-park gift shops, especially a line of skulls sold in shops associated with the Haunted Mansion and Pirates of the Caribbean rides; these Randotti skulls haven't been sold in decades, you can still find used ones (at high prices) online, as Boing Boing pal and fabulous illustrator Coop discovered when he sourced an impressive collection of Randotti sculpts.
Need a boost on that resume? Get a valuable tech education on your own time with these eBook bundles. They contain guides from Packt Publishing that cover everything from game development to machine learning. The Complete Mobile App Developer eBook Bundle It’s a veritable gold rush in the App Store these days. Get in on […]
Vinyl is officially back. People are hearing the proof behind the initial “retro” excitement: that records really do have a richer sound. And if you haven’t switched to old-school records for serious listening, it’s a new golden age. Why? Because quality turntables like the Altec Lansing ALT-500 are finally available to a market other than […]
Between all of our apps, streaming devices, Bluetooth speakers, and energy-sucking decorations, paying for utilities each month can be…brutal. In fact, the average household spends roughly $70 a month on the water bill alone. That number might not seem terribly significant, but when you add it up, that’s $840 a year — a pretty significant […]