|
|
Hacking the lobby telephone
2008-02-18
John Kindervag, senior security architect for Vigilar, said that public waiting areas in hospitals, conference rooms, and hotel rooms are particularly vulnerable to this attack since often there is no IT staff around. Appearing on stage at the East Coast computer hacker conference with Kindervag was Jason Ostrom, manager of Vigilar's Vulnerability Assessment and Compliance Practice team, who used the ShmooCon conference to show off his latest version of VoIP Hopper, a tool he uses for penetration testing of companies that are running voice over IP phone systems.
Kindervag said that VoIP was gaining acceptance with large companies and organizations for many reasons: there are no toll calls over the Internet; there's less cabling involved; employees can move offices without having to rewire or change switching operations for their phones; and finally, voice mail notices can appear in one's Outlook inbox. "This is very popular among CIOs," Kindervag said.
But Ostrom's tool allows one to hook up a laptop computer to a public VoIP phone and connect to the company's or organization's internal network with full administrator access. VoIP Hopper can be used to intercept Cisco Discovery Protocol (CDP), which announces the device type and the SNMP agent address of neighboring devices, and automatically create a new ethernet device. This could allow someone to map or otherwise do damage to a company's network from a public waiting area. The tool also allows one to physically remove the phone and have a laptop spoof the phone's MAC address, so the network is unaware that a laptop has replaced the expected phone.
To prevent such attacks, the researchers recommend turning off CDP. They also recommend disabling port 2 on any public VoIP phone, and include the public phone within a firewall.
Posted by Robert Vamosi
|
|
|
|
VoIP Providers List Information |
|
|
|
If you have any constructive thoughts, creative ideas, or reasonable offers, please, contact us.
|
|
Send Email to Helen O'Neill if you have any questions either about this website, or about VoIP providers, or VoIP in general.
|
|
Send Email to our technical support if you have any technical queries.
|
About VoIP Providers List
VoIP Providers List services save time for companies searching both for information and interconnection partners, interested in voice minutes exchange, i.e. VoIP minutes termination and origination, as well as hardware and software trade. We provide information on interconnection services, VoIP hardware solutions and VoIP software , as well as overall situation in the VoIP industry.
VoIP Providers List is constantly moderated, and thus we can guarantee that any VoIP provider published in the web-based company catalogue has provided accurate details on its services and operations.
We are constantly working on improvement and development of our services. Your comments and proposals regarding the services are highly welcome. Please, do not hesitate to contact us providing with your ideas, opinion, and feed-back. We will be grateful for any information and useful links on Voice over IP, VoIP hardware, VoIP software, and VoIP Providers. |
|
|
|
|
VoIP Providers Statistics |
|
|
Providers in database: 3315
Users Online: 266
|
|
|
