If you are one of the many companies who use affects voice-over-internet-protocol () phones then you may find the results of a recent Security Researcher’s hacking experiment worrying.
Researchers Per Thorsheim Scott Helme, and Information Consultant Paul Moore set up and published online the results of an experiment designed to demonstrate howphones have serious security vulnerabilities.
What Can The Hackers Do?
The researchers in this case proved that hackers using this method can use your phone to dial a premium-rate number, and at the same time disable the speaker so that you are unaware that it is happening. In fact this kind of hack can allow yourphone hacker to do almost anything they like with your phone including:
- Make, receive and transfer calls (even before it rings)
- Play recordings
- Upload new firmware
- Use your phone for covert surveillance i.e. eavesdropping
- Other kinds of social threats, interception and modification and service abuse.
Very Common Hack
Nettitude Research from 2015 helped to highlight how common this type of hack has become. A large amount ofattacks were recorded worldwide, but in the UK the problem was (and very likely still is) very bad with attacks against services making up 67% of all attacks recorded against UK based servers.
What Can Be Done?
One important measure that phone vendors could take to minimise the risk of these attacks could be to supply devices with “default” credentials, and to make sure that all other functionality in the phone can be disabled until a suitably secure password is set to replace it. For businesses it is important to check that the right password protection has been provided during the set-up of thephone(s), and to be aware of the risks that phones can cause, despite their cost advantages.