From CNN.com: http://www.cnn.com/2006/TECH/08/06/passport.security.ap/index.html
Another security professional showed how people can have their phone numbers hijacked when using certain types of equipment that route calls over the Internet.
The research, from Arias Hung, a security professional with Media Access Guard in Seattle, showed how to control the inner workings of Internet phone routers made by Linksys, which is owned by Cisco Systems Inc.
Once the routers are accessed, a person can change the device's so-called media access control address, which acts as a serial number that Internet phone providers such as Vonage Holdings Corp. use to verify the identity of customers.
A person exploiting the flaw could intercept calls made to a legitimate Vonage user and make calls that would appear to come from the user's phone number.
"The service providers should be very concerned," Hung said. "The general consumer should stay away from this router," he said, referring to two models that Linksys designates the WRTP54G and the RTP300.
Cisco spokeswoman Molly Ford said she could not immediately comment on Hung's research."