LucasFilm inadvertently gives away details about its Network Infrastructure

Like any Star Wars fan, I was happy to see the release of the official movie title this week. Gizmodo shared a photo from Rian Johnson’s office which is, I believe, an official LucasFilm-sanctioned photo.

If you look next to R2-D2’s right leg, there appears to be a Cisco phone. What is the big deal? Well, that little tip of the hand reveals a lot.

Further investigation shows that it appears to be a Cisco CP-7965. I determined the model number from the fact that it appears to have a color screen, with six buttons on the right and four buttons under the screen. This phone is part of a series of Cisco VoIP phones that run on an IP network.

It can be easily determined that if LucasFilm has Cisco phones, the upstream network switches that provide them with connectivity and power are, yes, you guessed it, Cisco switches.

For now, though, the phone is more interesting to me, because if I know the model number, I can then key a search for registered vulnerabilities against that model.

These are older, but still a possibility:

http://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20110601-phone.html

Now, there is no way to tell what code they are running on that phone, but it gives the bad guys a place to start. Again, this is a case of a photo that is meant to show one thing but reveals too much.

Let’s circle back around to how that phone gets its power and data. These phones are supplied power by Power over Ethernet (PoE), and since this is in the office of an end user, the switch is probably a Cisco access-layer type switch, of which there are only a few models, each one running code of some kind. The same methodology applies, except now there is a little more guesswork, because we don’t know the exact model of switch, just a list of potentials, so the list of exploits to try is larger.

The lesson here is clear. Don’t take pictures of offices that house potentially sensitive data. In this case, it was the phone; no one would think a phone could reveal so much about an internal network, but it does.

There are some other elements in the photo that tell us more: someone could guess the Smart TV type and model, the table type and model, and the software running on the screen.

Be safe! Look at the pics you put on the internet!

 
