LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Security page

Recent Features

Kernel prepatch 3.9-rc6

LWN.net Weekly Edition for April 4, 2013

LWN.net Weekly Edition for March 28, 2013

A kernel change breaks GlusterFS

PyCon: Evangelizing Python

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Security quotes of the week

[Posted January 9, 2013 by jake]

DRM technology will still fail to prevent widespread infringement. In a related development, pigs will still fail to fly.
-- Ed Felten makes predictions for 2013

At a recent conference on the security of connected devices, [Columbia PhD candidate Ang] Cui demonstrated how they can easily insert malicious code into a Cisco VoIP phone (any of the 14 Cisco Unified IP Phone models) and start eavesdropping on private conversations -- not just on the phone but also in the phone's surroundings -- from anywhere in the world.

"It's not just Cisco phones that are at risk. All VoIP phones are particularly problematic since they are everywhere and reveal our private communications," says [Columbia professor Salvatore] Stolfo. "It's relatively easy to penetrate any corporate phone system, any government phone system, any home with Cisco VoIP phones -- they are not secure."

-- Science Daily
(Log in to post comments)

Security quotes of the week

Posted Jan 10, 2013 13:48 UTC (Thu) by ballombe (subscriber, #9523) [Link]

>A popular competitive TV show, where viewers vote for their favorites through text messages and/or the web, will be rumored to have had its voting process “hacked”

This already happened in France 20 years ago, someone hacked the phone network to be able to push their calls before everybody else, and win the prizes.

Security quotes of the week

Posted Jan 17, 2013 14:52 UTC (Thu) by robbe (guest, #16131) [Link]

I think you misunderstood.

The prediction talks about phone/SMS *voting*: you call/text a number to vote for a particular candidate. Calling faster through whatever means will not buy you (or your preferred candidate) much. Making a lot of calls will.

Box-stuffing is normally prevented by using a premium rate number. But if you have SS7 access, you can probably bypass this.

OT: VoIP eavesdropping

Posted Feb 15, 2013 17:03 UTC (Fri) by debacle (subscriber, #7114) [Link]

I wouldn't limit this threat model to VoIP telephones. One can imagine that modern smart phones would make pretty bugs, too. Most of them even feature one or two cameras. One only would need a malicious app, that would silently answer incoming calls from the hackers number, hide the call in all logs etc., and kill itself as soon as a real incoming call is detected.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds