Security Hack Allows Phone to Eavesdrop
Security researchers have hacked a phone to demonstrate just how easy it is to eavesdrop on conversations and make premium calls on someone else's line.
The problem affects voice-over-internet- protocol phones (Voip) which is commonly installed by businesses.
The phones used in the research were from the manufacturer, Snom, who said the attack affects outdated software.
The researcher said that just by running a couple of lines of code on the website it was possible to make premium-rate calls from the phone.
By exploiting the fact that Voip phones and desktop computers are all connected to the same internet network at many organisations, attackers are able to often access the phones themselves and operate without the owner being aware.
Security researcher Per Thorsheim said it was "incredibly easy to do".
However a spokesman for Snom said: "Snom's internal investigation reveals that the desktop telephone used in Mr Paul Moore's experiment was an old 2008 telephone model utilizing outdated beta firmware... which was never in wide circulation.
"The latest and current firmware is version 220.127.116.11 and there have been multiple firmware releases since the outdated beta release."
The spokesman also added that Snom telephones request that both users and network administrators set a password during installation.
He added: "If a password is not set, a continuous non-stop, endless visual warning on the device's display is illuminated."
Security expert at the University of Salford, Professor Alan Woodward, said attacks on Voip phones were a "significant problem" and that by using online tools he was able to find many examples of phones that could be accessed using the method.
Return to internet news headlines
View Internet News Archive