Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7452
Views
10
Helpful
7
Replies

Eavesdropping a Cisco IP phone

jason-calbert_2
Level 3
Level 3

‎02-09-2009 12:15 PM - edited ‎03-15-2019 04:05 PM

Hello,

I have someone that is concerned about his phone being listening in on. I'm looking for a cisco document that describes all the ways that this could possibly be done.

If anyone has any suggestions on how to ease this persons concerns please let me know. Thanks

Jason

Labels:
0 Helpful
7 Replies 7

Nicholas Matthews
Level 9
Level 9

‎02-09-2009 01:24 PM

Hi Jason,

This can be done by anyone that has access to a network device between his endpoint and the RTP stream where it terminates (gateway, MTP, another phone).

This is normally done via a SPAN session. It is possible to rebuild G.711 calls with free software very easily (Wireshark).

This isn't like analog telephony where the wire may make noises or give any indication that people are listening.

This would just be packets being copied over to another interface - which is entirely silent and undetectable unless you look at the switch configurations.

You can try configuring SRTP for your system, so that even if someone does sniff the traffic, they can't do anything with it.

hth,

nick

0 Helpful

jason-calbert_2
Level 3
Level 3
In response to Nicholas Matthews

‎02-09-2009 01:31 PM

Nick,

Thanks for the reply. Is there any Cisco documentation that would talk about anything like this.

I was also thinking about other methods such as the barge feature any others that you can think of that could potentialy allow for listening in on a conversation. Thanks for your help

Jason

0 Helpful

timothyrand
Level 1
Level 1
In response to jason-calbert_2

‎10-30-2009 11:45 AM

I am also interested in this subject. I heard about the eavesdropping vulnerability discussed in http://www.cisco.com/warp/public/707/cisco-sr-20071128-phone.shtml Do you know whether there are any other attack vectors other than HTTP - like via SCCP or an SDK application for example ?

0 Helpful

paolo bevilacqua
Hall of Fame
Hall of Fame

‎02-09-2009 01:26 PM

Hi, summarizing:

1. If the call goes via PSTN at any point is not possible to protect confidentiality in any way, because there is always the possibility of wiretap inside or outside premises. You will notice that in fact this type of calls are the ones about what people is mostly worried.

2. If the call goes via VoIP exclusively, the only way to ensure confidentiality is to configure SRTP, that cyper the voice strame and will make a lock appear in the phone display. All other methods can be defeated by skilled attackers and of course by malicious system administrators.

3. Really motivated attackers do not care about wiretapping the line or the phone. They use "evironmental bugs" in the room or elsewhere.

I know that all this can seem to go a little overboard, but it's simply the truth, then it's up to you to decide how to present it to your concerned user.

jason-calbert_2
Level 3
Level 3
In response to paolo bevilacqua

‎02-09-2009 01:34 PM

Hello,

I agree with your assesment. The only real way would be to use SRTP every where. Do you know of any Cisco documents that may talk about the security vulnerabilities?

Also any callmanager features that would make this possible. One I though of was the barge feature. Thanks for your help.

Jason

0 Helpful

paolo bevilacqua
Hall of Fame
Hall of Fame
In response to jason-calbert_2

‎02-09-2009 01:41 PM

Jason, as far as I know here are no known vulnerabilities in cisco's SRTP.

I would look at CM's SRND for an implementation guide.

What I want to bring your attention to, is point 1 of my previous post.

When realizing that wiretapping can always happen at PSTN level, most users are willing to renounce to the incomplete protection available with encryption in network, consequently relieving the system administrator from the burden of configuring and maintaining it. Security comes at a price!

0 Helpful

Nicholas Matthews
Level 9
Level 9
In response to jason-calbert_2

‎02-09-2009 02:17 PM

Hi Jason,

SRTP is not something to be taken lightly. The configuration can become very overwhelming very quickly. And even then, there will be so many things that you cannot encrypt that the entire process becomes very questionable whether it was worth the effort or not.

SRTP implementation is generally used by large organizations / government that have no room for error or security breaches.

And that's not going to stop anyone from doing things in the 'physical' world like pointing listening devices at your users or putting 'bugs' in the room.

There are some features for IPCC that allow this to happen. Otherwise, every other feature notifies the user that someone is listening.

If you make sure your switches haven't been compromised, you should be fine.

hth,

nick

Customers Also Viewed These Support Documents