VoIP telephones have serious security flaws
The Fraunhofer Institute for Secure Information Technology SIT has found serious security flaws in VoIP telephones. Users are strongly recommended to install updates that have since been made available to correct these vulnerabilities.04 Sep. 2019 Barbara Rusch
Most companies use VoIP telephones that are integrated in their company network. The Fraunhofer SIT has now tested 33 VoIP telephone devices from 25 different manufacturers for flaws and vulnerabilities by means of examining the devices’ web-based user interfaces, via which administrators can configure the phones. The result was alarming: A total of 40 in some cases serious vulnerabilities were found through which attackers could gain access to sensitive data and services.
With seven VoIP phones, one particularly severe type of vulnerability even enabled the security researchers to gain complete administrative control over the device. “This is a total security failure,” says Philipp Roskosch of the Fraunhofer SIT. Attackers could also misuse this gap to manipulate other devices in the network, such as computers or production machines. Another attack scenario was a denial of service attack that puts VoIP telephones out of action – this can be extremely damaging for business for customer hotlines.
The manufacturers of the VoIP telephones investigated were informed about the vulnerabilities found and have now closed the gaps. Users are strongly recommended to install the relevant device firmware updates. Further technical details can be found at www.sit.fraunhofer.de/cve .
Interested in news about exhibitors, top offers and trends in the industry?
Your web browser is outdated. Update your browser for more security, speed and optimal presentation of this page.Update Browser