A fifth year grad student from the Columbia University Intrusion Detection Systems Lab and co-founder of Red Balloon Security, has demonstrated an attack on common Cisco-branded Voice over IP (VoIP) phones that could easily eavesdrop on private conversations remotely.

The vulnerability that the student demonstrated was based on work he did over the last year on what he called ‘Project Gunman v2’, where a laser printer firmware update could be compromised to include additional, and potentially malicious, code.

more into it here