[ad_1]
Cui du He spent 10 years into hacking Office phones connected to the Internet and other “embedded devices”, that is, devices that do not look they’re like computers or servers, but they have all the catch: the processor, the memory, and often the ability to connect to other devices or the Internet. As the founder of Red Balloon Security, Cui spends a lot of time evaluating sophisticated industry control systems and satellite infrastructure, but still returns to IP phones as a barometer to make sure the Internet of Things is making progress. His latest research indicates that there is still a long way to go.
At the SummerCon security conference in New York on Friday, Cuik and his Red Globe colleague Yuanzhe Wu are presenting new findings about a vulnerability more than a dozen models Cisco IP Desk Phones It can only be used with physical access to a target device, but if an attacker manages to do so, they can gain full control of the phone, then use it to listen to calls, make mistakes in the surrounding room, or use other harmful activities.
“Cisco has released updates to this software and is not aware of the malicious use of vulnerability described in the release,” a Cisco spokesman told WIRED in a statement. security notification the company released on Wednesday.
However, Red Balloon researchers say Cisco’s patch doesn’t completely eradicate vulnerability; it makes it difficult to exploit the error. The weakness they explain is not in the code that Cisco can rewrite or control. Instead, the chip manufacturer Broadcom lives on a low-level firmware developed for processors used by Cisco as an additional feature of hardware security. This means that there is the same weakness in other embedded devices that use the same Broadcom chips.
Broadcom has not returned several requests for comments from WIRED, but Cisco said Wednesday that the error is in Broadcom’s firmware implementation.
“Look, we’ve all been here before reporting Cisco IP Phone bugs, and they’ve come a long way in many aspects,” Cui told WIRED before SummerCon. “But the presence of vulnerability here is not surprising. After all, these things are no safer than they were 10 years ago.”
Researchers at Red Balloon Security tested the vulnerability on the Cisco 8841 phone, which is specifically designed to give the hardware with the Broadcom BCM 911360 TrustZone chip a hardware “root of trust”. Hardware roots of trust may enhance the overall security of the device. Microsoft, for example, is there today making a big push for users to consider Windows 11 as part of their system requirements. The idea is to add an additional chip that is immutable and that the main processor of the device cannot fundamentally change. In this way, TrustZone can be trusted to basically monitor the rest of the systems and implement controls to launch security guards without the risk of it being damaged.
Trusted hardware roots can cause difficulties for device security, but in practice they also create a “viewer-looking” enigma. If there are vulnerabilities in the hardware security feature, they silently undermine the integrity of the entire device.
Researchers looking at Cisco phones have a Broadcom chip interface for application programming, which allows limited interaction for things like setting up device encryption services. Investigators found a bug in the API, but they may be tricked into running commands that attackers would not support.
[ad_2]
Source link
