Be Warned: Older VoIP Systems Can Leave Your Business Open to Hackers - Toolbox

Be Warned: Older VoIP Systems Can Leave Your Business Open to Hackers - Toolbox

Be Warned: Older VoIP Systems Can Leave Your Business Open to Hackers - Toolbox

Posted: 11 Oct 2019 05:52 AM PDT

Flaws in legacy Internet phone systems can remain hidden for years and hackers are all over it, increasingly using them as back doors to enter company IT networks.

According to the McAfee Advanced Threat Research team, it discovered such a vulnerability in the Avaya 9600 series IP desk phone that could be leveraged by attackers to access the phone and eavesdrop on conversations – effectively turning the $80 device into a bug.

McAfee reports that it found the back door while working on a wider project designed to detect vulnerabilities in voice over Internet protocol (VoIP) communications.

The weakness: a piece of software

The security flaw was traced directly to a piece of open source software for the Avaya phone and McAfee believes it was copied and modified at least 10 years ago. Avaya, the security firm says, simply failed to recognize and patch it.

Internet of Things devices like VoIP phones "tend to blend into our environment, in some cases not warranting a second thought about the security and privacy risks they pose," says Philippe Laulheret, a senior security researcher on the McAfee team working on the problem. "In this case, with a minimal hardware investment and free software, we were able to uncover a critical bug that remained out of sight for more than a decade."

Avaya was prompted to fix the problem, and the company says it has since been repaired.

The incident demonstrates how security issues can creep into your business through unforeseen areas such as Internet phone systems -- not the first place you're likely to check for danger.

A must-do: security checks

When your IT professionals install VoIP phones, even the latest models, they must be reminded to run security checks on them. Vulnerabilities in their software can open your entire network to cyberattackers.

Internet phones are actually minicomputers and bring many of the security vulnerabilities that plague desktop computers. Worse, they run code that your IT team may not manage and unlikely to be subjected to the same security updates as your computers. This is one way legacy security issues can remain in place for as long as a decade.

If you have adopted VoIP phone technology, make sure you regularly revisit the phones' software and security provisions and ensure that they are brought inside the network. Hacking is now cheaper and easier than it has ever been, and the reason VoIP phones have not been attacked more stems from an ignorance by amateur hackers about its vulnerabilities.

Key takeaways:

  • Avaya is the second largest VoIP phone system seller, with an installation base covering about 90% of the Fortune 100 companies. Its products target a wide spectrum of customers, from small businesses to large corporations.
  • Don't ignore your VoIP devices in a security review. Make sure you implement standard security-access restrictions on your phones as well as your computers.
  • VoIP software vulnerabilities will arise if you're using older phones with dated software. But even newer devices are being sold on the market with software dating back over a decade. In the Avaya case, the phone's software was copyrighted in 2007.

No Jitter Roll: Five for Friday | Insight for the Connected Enterprise - No Jitter

Posted: 10 Oct 2019 01:03 PM PDT

In this week's No Jitter Roll, we share the latest on enhanced platform, a UC and contact center subscription program, a CPaaS solution, UC migration software, and a new room system entrant.

Lifesize Refreshes Integration with Microsoft Teams

With the enhanced integration, Lifesize users can schedule and join Lifesize video meetings from within Teams, Lifesize said. When scheduling a meeting, the integration will prompt a user to reserve an available 4K conference room system or virtual meeting room and then provide dial-in details, Lifesize said. Participants will receive click-to-join links at the time of the meeting. The Teams integration is available for download through the Microsoft app stores, Lifesize said.

Avaya Adds UC & Contact Center Subscription Program

Avaya IX Subscription is a consumption-based pricing model that allows enterprises to choose either a monthly or annual payment and flex up to 20% over the number of subscribed users at no additional cost. In addition to UC and contact center services, Avaya has included its cloud-based team collaboration and meeting solution, Avaya IX Spaces, in the program, for all service levels.

For existing customers, Avaya will offer trade-ins of existing perpetual licenses for credits to the subscription and upgrade offers. In addition, customers not running the latest software can take advantage of an "Experience Avaya" program to upgrade to Avaya OneCloud or Avaya IX on-premises software, Avaya said.

Bring Your Own 'Voxbone'

"When we think cloud, we tend to think global, but very few cloud platforms have truly global coverage. BYOC is fundamentally about removing the geographical limitations of these platforms and giving customers more transparency and control over their communications," said Matt Brown, VP product, Voxbone.

By opening its voice network, Voxbone is providing a way for subscribers to leverage its telephony footprint in over 30 markets, including the U.S., the U.K., France, Germany, and Australia, Voxbone said. In addition, they'll be able to tap into Voxbone APIs for automating and standardizing cumbersome processes like number porting and 911 call setup.

Built on application-agnostic standards, Voxbone already has integration guides for Twilio, Genesys, Plivo, 3CX, and Voximplant, with more to come.

Voss Unveils M2UC Migration Software

Through its migration engine, M2UC discovers, extracts, transforms, validates, and loads large volumes of users, devices, and UC services, which enables enterprises to streamline UC migrations and consolidation projects, Voss said. Other features include:

  • New rules and tool framework that allows for flexible mapping and more
  • Project containers for support of multiple migration projects at once
  • Improved error handling and patching, with the ability to diagnose issues and roll-back changes if required
  • An enhanced intuitive GUI

AudioCodes Partners With Dolby for Room Experience Products

The AudioCodes Room Experience Suite includes the RX10 Meeting Speaker, RX20 Huddle Room Solution, and the first device in collaboration with Dolby, the RX50 conference phone.


Popular posts from this blog

SIP Phones Explained - Telecom Reseller

How to lower your monthly internet bill in 7 easy steps - Komando

“'It's an arms race': Inside the war on robocalls - Yahoo Finance” plus 2 more