Security researchers have designed a stealthy eavesdropping attack that sounds like it's straight out of a James Bond movie. It starts with a booby-trapped document that compromises an unpatched laser printer, which in turn converts a popular Internet phone into a covert bugging device.
The proof-of-concept attack exploits currently unpatched vulnerabilities in the Avaya one-X 9608, a popular model of phone that uses the Internet rather than a standard phone line to make and receive calls. Researcher Ang Cui, a Ph.D. candidate at Columbia University and chief scientist at Red Balloon Security, declined to provide many details on the vulnerabilities until users have had time to install a patch that Avaya is expected to release soon. He did say the weaknesses allow devices on the same local network to remotely execute code that causes the device to surreptitiously record all sounds within earshot and transmit them to a server controlled by attackers. He demonstrated a similar bugging vulnerability last year in competing Internet phones designed by Cisco Systems, which has since patched the underlying bugs.
Cui, who is scheduled to present his research Friday at the RSA security conference in San Francisco, said the attack underscores the growing susceptibility of phones, routers, and other embedded devices to the types of malware attacks that once threatened only computers. He and Salvatore Stolfo, who is a Columbia University professor of computer science and a Red Balloon director, have devised software dubbed Symbiote, which runs on Internet phones and other embedded devices and alerts users whenever changes are made to the firmware. Symbiote is part of a larger defense the pair has developed called AESOP, short for the Advanced Embedded Sec Ops.