No Jitter is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Hacking Cisco Phones

In its response, Cisco notes 3 conditions that must be present for the attack to be possible:

* The internal web server of the IP phone must be enabled. The web server is enabled by default.

* The IP phone must be configured to use the Extension Mobility feature, which is not enabled by default.

* The attacker must possess or obtain valid Extension Mobility authentication credentials.

* The IP phone must be configured to use the Extension Mobility feature, which is not enabled by default.

* The attacker must possess or obtain valid Extension Mobility authentication credentials.

Not surprisingly, Jonathan Rosenbaum of Cisco addressed some of these issues, in more general terms, at Interop in New York last October. Jonathan specifically spoke to the issue of having Web servers on phones, and said, "You've got to treat it [the phone] as a computer that's been deployed out there."

I think that's the critical point: If exploits increase, it'll be in large part because the people who deploy VOIP networks and all of their component parts treat those parts as if they're exact equivalents to the TDM gear they replace. Functionally, there may not be much change--a fact that's occasioned some grumbling and given Unified Communications advocates a marketing opening--but as these exploits show, network elements like phones are, in fact, very different animals in the VOIP world than TDM.