Intercepting Avaya VOIP phone calls is possible now
Cybersecurity risks related to phone use are usually limited to the physical integrity of a device or the use of mobile applications that can connect to the Internet. However, network security experts claim to have detected a new risk scenario, especially dangerous in corporate environments.
A recent investigation by security firm McAfee
found some issues with Avaya manufacturer’s Voice
over Internet Protocol (VoIP) phones that would allow a malicious actor
to run remote code in the device’s software. Experts recommend checking for
firmware updates for these computers.
Network security experts consider that these
flaws compromise some of the main features of VoIP telephony, such as sensitive
information relay. During the investigation, an error was detected in Avaya’s
source code and a proof-of-concept designed by researchers demonstrates that
there are various attack vectors to take control of a device remotely and
extract conversations, file logs, etc.
In this regard, the company issued a statement
mentioning that: “We have a well-defined policy on software updates to
ensure that our products are kept safe from known security threats.” In
addition to implementing the due updates, Avaya advised its customers to
maintain physical access to their devices limited only to responsible personnel,
as intrusions could begin with just an oversight.
Avaya is, together with Cisco, the most used
company when it comes to VoIP services, as it is accessible to any company and
is also easy to use. Avaya maintained its dominant position in the market even
after filing for bankruptcy a couple of years ago.
Unfortunately, this isn’t the only flaw affecting Internet of Things (IoT) devices recently discovered by network security specialists. In a new security report, Microsoft unveiled a cyberattack campaign perpetrated by Russian hackers that exploited some weaknesses in the security of any Internet connected device.
Disseminating this kind of information is vital
to the cybersecurity environment of thousands of companies around the world
because, in case these inconveniences go unnoticed by business IT staff, highly
sensitive information could be exposed to any attacker with the necessary
knowledge and resources, compromising the stability of organizations;
“Currently, the number of IoT devices used in companies far outperforms
other traditional computer and telephony equipment, so the risks in any
industrial sector are huge,” the experts added.
According to network security specialists from
the International Institute of Cyber Security (IICS), one of the most common
risk scenarios in the use of IoT equipment nowadays is the lack of proper
software updates. The absence of security updates is one of the main causes of
leakage of sensitive information via remote access, among other attack
variants. While it is impossible to avoid all security threats on IoT devices,
software updates can be critical to preventing multiple chaotic scenarios for a
company’s information security environment; in addition, IT teams should
consider that the use of these devices will keep growing in the future, so
stricter security measures are critical.
(Visited 1 5 times)
Gloss