Cisco has recently received questions about a vulnerability in some of our 7900 series IP office phones that is said to allow eavesdropping on nearby office conversations. This was discovered by IT security researchers at Columbia University, and we thank them for reporting it to us before presenting at various security conferences.
We are actively working on a permanent fix, and have released very detailed, step-by-step guides for customers on identifying and preventing the vulnerability from being used. We’re not aware of it being used against any of our customers – largely due the fact that it is very challenging to exploit.
Unlike other IT security issues that have received attention, this is not simply a matter of someone “hacking” into the software on one phone. As the Columbia research demonstrated, someone wishing to take advantage of the vulnerability faces several distinct challenges. They would need hardware and software skills specifically related to software at the core of IP phones, an IT network configured a very specific way, and physical access to the phone’s serial port to insert a tailor-made device pre-loaded with software.
That does not mean we take this vulnerability lightly. We first issued information to our customers at the end of last year and have recently released very detailed documents to help those responsible for protecting IP phone networks. You can see these documents here: Security Advisory and Applied Mitigation Document.
As well as offering customers the information needed to secure their phone network against this vulnerability, Cisco will issue a software update on January 21st that closes off access to the vulnerability.
UPDATE – this interim software update was released to customers ahead of schedule on January 17th.
We remain committed to making sure Cisco products maintain the highest levels of security. When we learn of vulnerabilities we will address them quickly and communicate transparently with our customers.
SVP and GM, Collaboration Technology
Tags: 7900 series, Cisco, Columbia University, eavesdropping, ip phone, vulnerability
I once attended a customer meeting quite a few years ago where someone in the room stated that, “regardless of the collaboration channel employed, unified communications should provide everyone with a single identity to make it really easy for customers to reach the company’s employees”. I remember agreeing that although a worthwhile goal, providing users with a solitary identifier was not going to be technically feasible due to the fact we didn’t address emails with a phone number and we unfortunately had (and still do have) the “PSTN” (Public Switched Telephone Network) to deal with.
Has anything changed? I’d really like to know if anyone in the industry is predicting that we’ll ever be able have a unique global communications address, or like me, you have the opinion that the current multi-identity status quo will continue for the foreseeable future. In our current electronic communications world most of us have a minimum of two to three identities. I’m globally reachable via a couple of Cisco E.164 telephone numbers, one for my desk phone and the other for my mobile. I also have a corporate URI (Universal Resource Identifier), which most people would recognize as my email address, but nowadays also represents me as an instant messaging entity as well as associating me with three personal video endpoints. I think people naturally know when it is appropriate to use asynchronous (email or IM) communications or synchronous (telephony or video) communications, which is why we’ve all just accepted the evolution of different identities for different types of dialogue. What’s recently blurred the situation is the wide scale adoption of video URI dialing within enterprises and across the Internet resulting in a more complex addressing environment for our real time interactions. Do I call someone on their telephone number or their video URI, or should I send them an instant message to ask them?
For Cisco the answer has been Read More »
Tags: collaboration, instant messaging, PSTN, unified communications, Universal Resource Identifier, URI dialing
This is the second of a four-part series. Part I introduced decision-driven collaboration. Upcoming posts will explore evaluation and execution.
Better decisions don’t necessarily come from the existence of better information. The information is usually somewhere in the organization, but there’s no benefit to the decision-making process unless people actually use it. Executives often don’t take full advantage of all the specialized knowledge that employees can contribute. Maybe they don’t know the information is there. Maybe they know it must be somewhere, but don’t know how to get it. Or, well, maybe they’re just not looking for it in the first place.
Improving the decision-making process comes as a result of evolving ideas around collaboration and by connecting people and empowering them to work together. Cisco IBSG calls this “Decision-Driven Collaboration” and outlines three core elements that build upon one another in the decision process:
- Collaborate to Engage: Identify key contributors, solicit input, share ideas.
- Collaborate to Evaluate: Shape the matter to be decided, consider viable alternatives.
- Collaborate to Execute: Make a clear decision, align relevant parties, put it into practice.
Although the executives in an IBSG survey rated their own decision-making ability highly, the managers and individual contributors were (surprise!) not nearly as confident in the decisions handed to them to execute. Making critical strategic decisions without engaging the right people and information in your organization should be a candidate for a new definition of risk in the next edition of the dictionary, followed closely by leaping out of an airplane minus a parachute.
Just ask Borders. Borders missed the online retailing boat in a big way. How big? Read More »
Tags: Amazon.com, Barnes and Noble, Borders, Cisco IBSG Horizon Study, collaboration, decision making, decision-driven collaboration, enterprise social software, IBSG, leadership
Have you stopped to think about how much your desktop has evolved over the past 5 years? Many elements from it have evolved, some have disappeared, and others are still there as they were before. But why haven’t they all changed at the same pace? To me, the answer is in the quality of the experience those elements provide, and the possibility to have your full desktop environment on whatever device you choose.
Take, for example, the personal computer. For many of us, that device became mobile years ago without sacrificing much performance but adding a lot of convenience and new capabilities. Many of us use a smartphone and the availability of new touch-screen computing devices, such as tablets, have considerably changed the way many people interact with applications and information.
But it does not seem to me that we are looking at the “convergence” of those devices into one “universal device” that will replace all those three and deliver the features, capabilities, and convenience we enjoy from all three form factors. Why?
From the user experience perspective, the mobile revolution helped us to be “free” from fixed office locations but it did not provide ease of use, flexibility and capabilities for all the use case scenarios that traditional desktop accessories offer. Most users (me included) would struggle to Read More »
Tags: Cisco Virtualization Experience Infrastructure, Cisco VXI, cloud, collaboration, desktop virtualization, unified workspace, user experience
Decisions have consequences. It’s a simple fact that not even my fourth grader will dispute. But if it’s so simple, why do organizations often have so much trouble making good decisions? Or, knowing the potential consequences, why do they pay little attention to how they go about the whole decision-making process?
It’s easy to find outside factors at which to point fingers when things go wrong – economy, competitors, politics, weather, Mercury in retrograde – but honesty requires that we acknowledge that internal factors and poorly made decisions are at the root of most major organizational failures. But it seems that most leaders aren’t ready for that level of self-reflection. Just ask them.
Cisco IBSG asked more than 1,000 executives to rate the ability of their companies to make successful decisions on critical issues — such as corporate strategy, acquisitions, product launches, and entering new markets — 71% chose Read More »
Tags: Cisco IBSG Horizon Study, collaboration, collaboration architecture, decision making, decision-driven collaboration, IBSG, leadership