
“This wouldn’t be too hard to find for anyone on the planet who cares about exploiting a Cisco phone,” Cui says. “And as we've talked about for years, the concern is that IP phones are incredibly ubiquitous in office environments. They're sitting on every desk and in every conference room and could be listening in on your secret meeting.” The Red Balloon team's findings raise larger questions about what other embedded devices use Broadcom chips with vulnerable TrustZone implementations. And Cui emphasizes that hardware security mechanisms are only as good as the code supporting them.
“Cisco has released software updates for this issue and is not aware of malicious use of the vulnerability described in the advisory,” a Cisco spokesperson told WIRED in a statement, referring to a security notification the company published on Wednesday.
Ang Cui has spent 10 years hacking into internet-connected office phones and other “embedded devices” - that is, devices that don't look like computers or servers but have all the trappings: a processor, memory, and, often, the ability to connect to other devices or the internet. As the founder of Red Balloon Security, Cui spends plenty of time evaluating sophisticated industrial control systems and even satellite infrastructure, but he still comes back to IP phones as a barometer for how much progress has been made securing the Internet of Things. His latest research indicates that there's still a long way to go.

At the SummerCon security conference in New York City on Friday, Cui and his Red Balloon colleague Yuanzhe Wu are presenting new findings about a vulnerability in more than a dozen models of Cisco IP desk phones. It can be exploited only with physical access to a target device, but if an attacker has managed that, they could gain full control of the phone, which they could then use to eavesdrop on calls, bug the surrounding room, or for other malicious activities.
