How Hackers Can Take Control of Your Business Voip Phone
If you are one of the many companies who use voice-over-internet-protocol (Voip) phones then you may find the results of a recent Security Researcher’s hacking experiment worrying.
Researchers Per Thorsheim Scott Helme and Information Consultant Paul Moore set up and published (online) the results of an experiment designed to demonstrate how Voip phones can have serious security vulnerabilities.
The fault occurs when Voip phones are set up and left with default settings and with the default password, where the phone does not require a special set of default credentials and where it does not force you to set a password when setting the phone up. This is sadly an all-too-common occurrence and one that means that no authentication is therefore required.
What Can The Hackers Do?
The researchers in this case proved that hackers using this method can use your phone to dial a premium-rate number and at the same time disable the speaker so that you are unaware that it is happening. In fact this kind of hack can allow your Voip phone hacker to do almost anything they like with your phone including:
Very Common Hack
Nettitude Research from 2015 helped to highlight how common this type of hack has become.
What Can Be Done?
One important measure that phone vendors could take to minimise the risk of these attacks could be to supply devices with "default" credentials and to make sure that all other functionality in the phone can be disabled until a suitably secure password is set to replace it.