Cisco has recently received questions about a vulnerability in some of our 7900 series IP office phones that is said to allow eavesdropping on nearby office conversations. This was discovered by IT security researchers at Columbia University, and we thank them for reporting it to us before presenting at various security conferences.
We are actively working on a permanent fix, and have released very detailed, step-by-step guides for customers on identifying and preventing the vulnerability from being used. We’re not aware of it being used against any of our customers – largely due the fact that it is very challenging to exploit.
Unlike other IT security issues that have received attention, this is not simply a matter of someone “hacking” into the software on one phone. As the Columbia research demonstrated, someone wishing to take advantage of the vulnerability faces several distinct challenges. They would need hardware and software skills specifically related to software at the core of IP phones, an IT network configured a very specific way, and physical access to the phone’s serial port to insert a tailor-made device pre-loaded with software.
That does not mean we take this vulnerability lightly. We first issued information to our customers at the end of last year and have recently released very detailed documents to help those responsible for protecting IP phone networks. You can see these documents here: Security Advisory and Applied Mitigation Document.
As well as offering customers the information needed to secure their phone network against this vulnerability, Cisco will issue a software update on January 21st that closes off access to the vulnerability.
UPDATE – this interim software update was released to customers ahead of schedule on January 17th.
We remain committed to making sure Cisco products maintain the highest levels of security. When we learn of vulnerabilities we will address them quickly and communicate transparently with our customers.
SVP and GM, Collaboration Technology
Tags: 7900 series, Cisco, Columbia University, eavesdropping, ip phone, vulnerability
Today’s students are connected. This past holiday break, I was reminded just how much Gen Y (18-30 year olds) requires anytime access to the tools in their life.
I came to the realization that board games and cards may become a thing of the past. If you don’t have a smartphone and/or tablet, you’re considered old school. I do have one of the two so I’m only half old school. Smartphones and technology have come a long way. I still have a bunch of physical maps in my car from when I first moved to California. I honestly don’t remember the last time I touched that stack of maps with built in navigation and point to point map applications in my phone that’ll take me where I need to go without having to plan the physical route myself beforehand. Read More »
Tags: Cisco Connected World Technology Report, digital media, mobility, new year's resolution, smartphone, social media, tablet, video conferencing
Cisco IT is transforming itself to deliver IT As A Service (ITAAS), and this is changing the way we deliver all IT services internally, including our unified communications (UC) and video services. For the business, we offer transparent IT cost information and (over time) cost reduction, as well as the ability to re-use service components for faster delivery of new services. For our employees, we are making the processes for ordering and provisioning IT services fast, automated, simple, and consistent. This goal is particularly important for our UC and video services, which provide essential voice and video communications tools for our employees. Read More »
Tags: coc-collaboration, ITaaS, service, service assurance, service management, service planning, UC, video
I once attended a customer meeting quite a few years ago where someone in the room stated that, “regardless of the collaboration channel employed, unified communications should provide everyone with a single identity to make it really easy for customers to reach the company’s employees”. I remember agreeing that although a worthwhile goal, providing users with a solitary identifier was not going to be technically feasible due to the fact we didn’t address emails with a phone number and we unfortunately had (and still do have) the “PSTN” (Public Switched Telephone Network) to deal with.
Has anything changed? I’d really like to know if anyone in the industry is predicting that we’ll ever be able have a unique global communications address, or like me, you have the opinion that the current multi-identity status quo will continue for the foreseeable future. In our current electronic communications world most of us have a minimum of two to three identities. I’m globally reachable via a couple of Cisco E.164 telephone numbers, one for my desk phone and the other for my mobile. I also have a corporate URI (Universal Resource Identifier), which most people would recognize as my email address, but nowadays also represents me as an instant messaging entity as well as associating me with three personal video endpoints. I think people naturally know when it is appropriate to use asynchronous (email or IM) communications or synchronous (telephony or video) communications, which is why we’ve all just accepted the evolution of different identities for different types of dialogue. What’s recently blurred the situation is the wide scale adoption of video URI dialing within enterprises and across the Internet resulting in a more complex addressing environment for our real time interactions. Do I call someone on their telephone number or their video URI, or should I send them an instant message to ask them?
For Cisco the answer has been Read More »
Tags: collaboration, instant messaging, PSTN, unified communications, Universal Resource Identifier, URI dialing
If you’re going to NRF, you might be interested in how to build customer relationships, maintain brand loyalty and boost sales. If your answer is a resounding YES, don’t miss our mobility events.
Here’s our line-up next week in New York.
Engage and Entice Your Customers with New Wi-Fi Solutions .
Date: Tuesday, January 15, 1013
Time: 9:15 – 10:00 a.m.
Room: 3D04, EXPO Hall, Level 3
Speakers: Bob Friday, CTO, Mobility/Wireless
Cisco Mobility CTO Bob Friday’s Big Ideas speaking session Tuesday Jan 15 will teach you how to use your wireless network to more effectively engage and entice today’s mobile, tech-savvy shoppers. Your takeaway: How your wireless network can help you enhance the in-store shopping experience.
We’re putting on two hot, mobility-centric demos at Booth #252:
- Cisco BYOD Smart Solution
More and more employees, suppliers, and customers want to bring their own devices onto your wireless network. This demo teaches you how you can support trouble-free access for all users, on any Wi-Fi-enabled device. Takeaways: How to improve employee productivity and customer service with a more secure BYOD environment.
View video of demo overview
- Cisco Connected Mobile Experiences
Learn how shoppers are behaving in your store and use that information to engage and retain them. See for yourself how Cisco and our partners can help you deliver personalized, highly targeted mobile services including location analytics, powered by Cisco ThinkSmart. Takeaways: How to optimize the customer experience to enhance store profits.
View video of demo overview
Some of you may know that we recently acquired Meraki—don’t forget to check out their booth at Booth #1283 to learn more about the benefits of the cloud to edge and branch networks.
See you there!
For more information on all of Cisco’s activities at NRF 2013, please visit our event website at www.cisco.com/go/nrf.
For the latest reports from the show floor including news, photographs and videos, please follow us on the Cisco Retail Facebook, Twitter, Youtube, Linked In and blogs