Cisco IP phones, which can be found in many offices, have a security vulnerability that lets hackers take total control of them from the outside. A team of computer scientists at Columbia University found the vulnerability, which was reported to Cisco on October 22.
“We could turn a phone into a walkie-talkie that was always on by rewriting its software with 900 bytes of code. Within 10 minutes, it could then go on to compromise every other phone on its network so that you could hear everything,” researcher Ang Cui told industry publication IEEE Spectrum. Cui’s team built a circuit board, the Thingp3wn3r, which successfully hacked the Cisco IP phones via Bluetooth. In a statement, Cisco said that their patch would be integrated into their next major software release.