Avaya VoIP phones at risk of cyber-attacks, study suggests

Espionage risks and cyberattack are normally limited to handheld phones or cellphones and to applications that are capable of connecting to the internet, but now a greater risk is upon the corporate world as office phones are also at risk to cyber-attacks.

A security researcher on McAfee’s Advanced Threat Research team warned organizations about using Avaya’s popular range of VoIP phones and to check that firmware on the devices have been updated, since there was a report that a Remote Code Execution (RCE) vulnerability in open-source software. 

The issue poses a threat to relay sensitive information such as recorded and files accessed, and all of these can be done remotely. Next to Cisco in the VoIP market, Avaya is mostly used by almost all companies since it is cheaper and also easy to manage. Avaya has been the top of the VoIP for nine years already; they were able to hold their position despite the issue of bankruptcy in 2017.

However, the researcher found out that there was a bug affecting the source software of Avaya, even though its presence in the phone’s software remained unnoticed until now. In a demonstration made by Laulherit on McAfee’s website shows that there are threats that can possibly remotely hijack a phone pulling up sensitive information like the audio conversations of clients and customers.

Phones are advised to patch up the issue so that there won’t be any more possible leakage of information or a chance to get hijacked by some potential attackers.

An Avaya spokesperson noted that the company “has a clear and well-defined policy that requires our products to use the most recent software release to make sure security issues are addressed in a timely manner. Avaya thanked Philippe Laulheret for his responsible disclosure and cooperation with Avaya during the handling of this matter. Customers should always make sure that physical access to communications devices is limited to approved personnel to prevent physical tampering with these devices by unauthorized entities.”

Cyberthreats involving IoT devices and VoIP phones

Microsoft disclosed that it had discovered that military hackers attacking from Russia had been using IoT devices as a possible entry point for harming them. Examples of which are VoIP devices and other devices that are connected to the internet.

IoT or internet of things, is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers (UIDs) and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction. This might mean that any device that is connected to the internet could lead to a possible hijack of information, or a potential pathway for hackers to enter the system.

Raising the awareness of possible attacks are what should companies be focusing more since there would be instances that sensitive or personal information could leak out and pose a threat to the company. 

“The risks across the industry and better enterprise integration of IoT devices—today, the number of deployed IoT devices outnumber the population of personal computers and mobile phones, combined.”

The most common possible IoT security threats are; but not limited to, lack of updates, which causes attackers to potentially harm the system since updates are necessary to protect the user’s information and it updates the security. Compromised IoT devices cause the device to send tons of spam emails, which causes traffic to the network. Unsafe communication using IoT devices and remote access.

IoT threats are not inevitable but can be prevented. There is no safety number when it comes to the devices that are in threat since IoT devices are growing rapidly every year and thus becoming one of the major security concerns.

Smart devices are all good and useful to the everyday lives of the people, but without proper security measurements, this could be a problem. Daily living could be potentially placed at risk.

Security measures can be placed when either using a desktop or a laptop since they contain malware protection applications but the risk still resides with mobile phones and even IoT office phones since they do not have any means of protection when it comes to potential malware and even attacks.

Always be vigilant and keep on updating your security, either your password or your security code, to prevent potential hacking.

About the Author

Al Restar
A consumer tech and cybersecurity journalist who does content marketing while daydreaming about having unlimited coffee for life and getting a pet llama. I also own a cybersecurity blog called Zero Day.

Be the first to comment on "Avaya VoIP phones at risk of cyber-attacks, study suggests"

Leave a comment

Your email address will not be published.


*