Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

Security Communications IT

Researchers Convert Phones Into Secret Listening Devices 59

Posted by timothy
from the what's-that-you-say? dept.
CowboyRobot writes "Columbia University grad student Ang Cui demonstrated how networked printers and phones can be abused by attackers. 'The attack I demonstrated is caused by the multiple vulnerabilities within the syscall interface of the CNU [Cisco Native Unix] kernel,' Cui tells Dark Reading. 'It is caused by the lack of input validation at the syscall interface, which allows arbitrary modification of kernel memory from userland, as well as arbitrary code execution within the kernel. This, in turn, allows the attacker to become root, gain control over the DSP [Digital Signal Processor], buttons, and LEDs on the phone. The attack I demonstrated patches the existing kernel and DSP in order to carry out stealthy mic exfiltration.'"
This discussion has been archived. No new comments can be posted.

Researchers Convert Phones Into Secret Listening Devices

Comments Filter:
  • Re:Physical access? (Score:4, Interesting)

    by hidden (135234) on Monday December 17, 2012 @03:10AM (#42311843)

    I dunno. Not leaving any hardware behind to be discovered seems like it might have SOME value.

  • Re:Physical access? (Score:4, Interesting)

    by hawguy (1600213) on Monday December 17, 2012 @03:33AM (#42311907)

    I dunno. Not leaving any hardware behind to be discovered seems like it might have SOME value.

    Besides, when you use the phone as your bug, you don't need to worry about a power source. Gaining entry to an office as a part of the janitorial company seems like a trivial exercise for someone determined to steal corporate secrets.

    Of course, the drawback is that this would be trivial to detect with a simple IDS system: "Hey, why does the conference room phone keep sending data to a Verizon Wireless IP address?". While a traditional bug would require an RF sweep to find it - and if it saves up conversations and sends them out in a short burst, it can be nearly impossible to find without constant surveillance.

  • Re:Preach it (Score:0, Interesting)

    by Anonymous Coward on Monday December 17, 2012 @05:33AM (#42312335)

    Your cell phone is a tracking device. It always has been and always will be.

    This story is not about cell phones. It is not and never will be. It is about SIP phones which are connected to a network, and in the case of this story where the attacker gains physical access to the device.

    But I guess a 6 digit UID gets you ranked +2 even when you're trolling off-topic and mangling the English language.

You scratch my tape, and I'll scratch yours.