Owning VOIP Phones With Zero Clicks
Found on On The Wire on Thursday, 18 February 2016
The attack takes advantage of the fact that the affected phones have no authentication set up by default and also have a vulnerability that can be exploited remotely.
The attacker can use the phone to make, receive, and redirect calls, and could also upload new firmware to the device, Moore said. Someone with remote access to the VOIP phone could also make expensive calls to premium-rate numbers or use the line as a launching pad for fraudulent calls to the victim’s bank or other financial institutions.
Unless the industry realizes that security is more important than the convenience of a password-less configuration, problems like this one will happen over and over again.