Posted by: Dave Bateman
A couple of ingenious young men have devised a way to keep the microphone on a 7900 series phone open and send the audio to a smart phone. This sounds like a pretty major security hole and one that could cause a lot of trouble for Cisco. But when the dust settles , you see that it really isn’t.
In order for this exploit to work, a small device needs to be attached to the serial port on the back of the phone. This , of course, requires physical access to the phone. Most likely a user would notice a circuit board plugged in to the back of their PC. However, it has been reported that once the device is attached to one phone, other phones on the same network can be compromised. This means that anyone in the company could attached this device to their phone and open up this threat to other phones.
The reason is not as large of a concern as it would seem in that Cisco has already released a patch that prevents this vulnerability. Fortunately for Cisco and many of its customers, the two individuals that discovered this exploit notified Cisco before making it public. However, there is no guarantee that the next time an exploit like this is found we will be so lucky.