A tiny bug that takes only seconds to install could turn Cisco's Voice Over IP (VoIP) phones into remote listening devices, even when they appear to be hung up.
"The attack I demonstrated is caused by the multiple vulnerabilities within the syscall interface of the CNU [Cisco Native Unix] kernel," Columbia University graduate student Ang Cui told the Dark Reading security blog.
It allows the attacker to "become root" and listen to the phone's mic from a remote location via cellphone, he explained.
Although a hacker wouldn't be listening in on the call, he could potentially glean private and sensitive information from a conversation conducted near the compromised device.
Cui said the attack works by inserting a small circuit board into the phone's Ethernet port. From there he reconfigured the phone's firmware to make the switch in the phone's cradle function as a "funtenna."
For its part, Cisco has pointed to firmware updates available on its website and underscored that attackers need physical access to a phone in order to exploit the flaw.
"I encourage everyone to patch to the latest [not publicly] available firmware ASAP," Cui agreed. "At the end of the day, I'd like to see actual mechanical switches that control the various input/output devices on IP phones."
Follow Ben on Twitter.