Friday, 30 November 2007

Cisco VoIP handset exploits

Interested to see today that the high-end Cisco VoIP handsets aren't secure, especially when users have access to the system already. This would definitely be a problem if you were deploying these handsets in a multi-tenant environment.

Main story at The Register (http://www.theregister.co.uk/2007/11/29/cisco_voip_bug/), with an interesting comment attached too:

"

The 7900 series high end colour touchscreen units are driven by an XML page pulled from a web server. The XML page displays graphics and allows features like soft buttons to interact back to the XML server and so provide active content on the phone.

What is not widely known is that the XML 'API' allows control of the phone features including making it go off hook, dial a number etc. The neatest feature of all is that you can do this with no visible indication of the phone being active.

So voila! Doctor the pages on the XML server (or by man in the middle) and you can make any high end 7900 series phone go off hook into handsfree speaker mode and to dial any other number silently. The party at the other end simply receives a call and listens in to chat in the boardroom or wherever.

CISCO, when the matter was quietly raised with them, said 'it's not a bug, it's a feature'.

"
