Chris Dougherty/Activist Post
Researchers at Columbia University have discovered a flaw in telephones that allows a hacker to turn a phone’s microphone into a sophisticated recording device. Using this flaw an attacker can eavesdrop on conversations remotely.
5th year PhD candidate Ang Cui and Columbia Professor Sal Stolfo discovered the flaw while working on a U.S. Defense Department grant for the Defense Advanced Research Projects Agency (DARPA). According to the researchers, they can remotely command a hacked phone to do anything they want.
For example, they say they can activate a webcam on a phone or instruct the phone’s LED light to remain off when the phone’s microphone has been activated. This way the eavesdropping victim won’t be alerted when their conversation is being recorded.
‘On the dark side, these phones are sold worldwide,’ Stolfo said. ‘Any government that would like to peer into the private lives of citizens could use this. This is a great opportunity to create a low-cost surveillance system that is already deployed. It’s a monitoring infrastructure that’s free, when you turn these into listening posts.”’
Ang Cui, who works in the Intrusion Detection Systems Lab at Columbia University, gave a presentation on December 29th demonstrating the hack at the Chaos Communications Conference in Germany. The demonstration is appropriately titled “Hacking Cisco Phones: Just Because You Are Paranoid Doesn’t Mean Your Phone Isn’t Listening To Everything You Say”.