Friday, January 4, 2013

Security Director Alert - VoIP Phone Eavesdropping

Murray Associates warns clients that VoIP phones are inherently less secure than the older style phones. It is one reason they advise disconnecting phones in meeting rooms until they are needed. 

Ang Cui, through his extensive research, has moved this threat from theoretical to very real. 

For in-depth information we recommend viewing his presentation. (video)

High-tech telephones common on many workplace desks in the U.S. can be hacked and turned into eavesdropping devices, researchers at Columbia University have discovered.

The hack, demonstrated for NBC News, allows the researchers to turn on a telephone's microphone and listen in on conversations from anywhere around the globe. The only requirement, they say, is an Internet connection.

Doctoral candidate Ang Cui and Columbia Professor Sal Stolfo, who discovered the flaw while working on a grant from the U.S. Defense Department, say they can remotely order a hacked telephone to do anything they want and use software to hide their tracks. For example, they said they could turn on a webcam on a phone equipped with one or instruct the phone's LED light to stay dark when the phone's microphone has been turned on, so an eavesdropping subject wouldn’t be alerted that their phone has been hacked. (more)