Tuesday, October 20, 12:58

Which VOIP Phones Have Been Troubled For Years?

VOIP phones: Vulnerabilities in open source software can sometimes persist for years in the most obscure systems, as McAfee's Advanced Threat Research team recently demonstrated.

The first surprise was that the threat was found in one of the most popular pieces of office equipment used in businesses around the world: a VOIP phone. Specifically, it is the popular and widely deployed Avaya 9600 series IP Deskphone, which runs on Linux. Avaya is one of the world's largest VoIP providers with an established base.


The second surprise was that the vulnerability was first reported in 2009, and security updates were released for it.

And the third surprise was that the error was not found in an earlier version of the Avaya 9600 IP Deskphone but in its latest model, which is still widely sold and distributed.

Having been notified of the error by McAfee's team, along with some suggested fixes, Avaya has published a security advisory and a fix for the vulnerability.

What went wrong? How has this error managed to escape detection in VoIP phones for so long?

Philippe Laulheret, senior security researcher at McAfee Advanced Threat Research, who conducted the research on the phone, believes Avaya likely copied and modified the open source software responsible for the remote code execution (RCE) vulnerability, and then failed to apply the subsequent security patches to it.


As a result, an attacker could exploit the phone's normal operation, extract audio from the phone and possibly harm it. In addition, the attack can potentially take place through a direct connection to the phone, or by connecting to the same network to which the vulnerable phone is connected.

This means that attackers could use the VOIP phone to record calls and network traffic, or even deploy malware on all devices on the network. The attackers could also use their access to launch a ransomware attack that could take down an organization's phone system.

While many people tend to regard VOIP phones as "just a phone", they are essentially computers or IoT devices. Although Avaya was quick to fix the problem, ensuring the risk was mitigated, it warned that this was not an isolated case.

"Many devices in many industries are still running code that is more than ten years old. Therefore, it is important to consider that all networked devices operating with unmanaged code should be isolated and monitored accordingly."

