Posted: 11 Oct 2019 05:52 AM PDT
Flaws in legacy Internet phone systems can remain hidden for years and hackers are all over it, increasingly using them as back doors to enter company IT networks.
According to the McAfee Advanced Threat Research team, it discovered such a vulnerability in the Avaya 9600 series IP desk phone that could be leveraged by attackers to access the phone and eavesdrop on conversations – effectively turning the $80 device into a bug.
McAfee reports that it found the back door while working on a wider project designed to detect vulnerabilities in voice over Internet protocol (VoIP) communications.
The weakness: a piece of softwareThe security flaw was traced directly to a piece of open source software for the Avaya phone and McAfee believes it was copied and modified at least 10 years ago. Avaya, the security firm says, simply failed to recognize and patch it.
Internet of Things devices like VoIP phones "tend to blend into our environment, in some cases not warranting a second thought about the security and privacy risks they pose," says Philippe Laulheret, a senior security researcher on the McAfee team working on the problem. "In this case, with a minimal hardware investment and free software, we were able to uncover a critical bug that remained out of sight for more than a decade."
Avaya was prompted to fix the problem, and the company says it has since been repaired.
The incident demonstrates how security issues can creep into your business through unforeseen areas such as Internet phone systems -- not the first place you're likely to check for danger.
A must-do: security checksWhen your IT professionals install VoIP phones, even the latest models, they must be reminded to run security checks on them. Vulnerabilities in their software can open your entire network to cyberattackers.
Internet phones are actually minicomputers and bring many of the security vulnerabilities that plague desktop computers. Worse, they run code that your IT team may not manage and unlikely to be subjected to the same security updates as your computers. This is one way legacy security issues can remain in place for as long as a decade.
If you have adopted VoIP phone technology, make sure you regularly revisit the phones' software and security provisions and ensure that they are brought inside the network. Hacking is now cheaper and easier than it has ever been, and the reason VoIP phones have not been attacked more stems from an ignorance by amateur hackers about its vulnerabilities.
Posted: 10 Oct 2019 01:03 PM PDT
In this week's No Jitter Roll, we share the latest on enhanced platform, a UC and contact center subscription program, a CPaaS solution, UC migration software, and a new room system entrant.
Lifesize Refreshes Integration with Microsoft Teams
With the enhanced integration, Lifesize users can schedule and join Lifesize video meetings from within Teams, Lifesize said. When scheduling a meeting, the integration will prompt a user to reserve an available 4K conference room system or virtual meeting room and then provide dial-in details, Lifesize said. Participants will receive click-to-join links at the time of the meeting. The Teams integration is available for download through the Microsoft app stores, Lifesize said.
Avaya Adds UC & Contact Center Subscription Program
Avaya IX Subscription is a consumption-based pricing model that allows enterprises to choose either a monthly or annual payment and flex up to 20% over the number of subscribed users at no additional cost. In addition to UC and contact center services, Avaya has included its cloud-based team collaboration and meeting solution, Avaya IX Spaces, in the program, for all service levels.
For existing customers, Avaya will offer trade-ins of existing perpetual licenses for credits to the subscription and upgrade offers. In addition, customers not running the latest software can take advantage of an "Experience Avaya" program to upgrade to Avaya OneCloud or Avaya IX on-premises software, Avaya said.
Bring Your Own 'Voxbone'
"When we think cloud, we tend to think global, but very few cloud platforms have truly global coverage. BYOC is fundamentally about removing the geographical limitations of these platforms and giving customers more transparency and control over their communications," said Matt Brown, VP product, Voxbone.
By opening its voice network, Voxbone is providing a way for subscribers to leverage its telephony footprint in over 30 markets, including the U.S., the U.K., France, Germany, and Australia, Voxbone said. In addition, they'll be able to tap into Voxbone APIs for automating and standardizing cumbersome processes like number porting and 911 call setup.
Built on application-agnostic standards, Voxbone already has integration guides for Twilio, Genesys, Plivo, 3CX, and Voximplant, with more to come.
Voss Unveils M2UC Migration Software
Through its migration engine, M2UC discovers, extracts, transforms, validates, and loads large volumes of users, devices, and UC services, which enables enterprises to streamline UC migrations and consolidation projects, Voss said. Other features include:
AudioCodes Partners With Dolby for Room Experience Products
The AudioCodes Room Experience Suite includes the RX10 Meeting Speaker, RX20 Huddle Room Solution, and the first device in collaboration with Dolby, the RX50 conference phone.
|You are subscribed to email updates from "avaya phone system" - Google News. |
To stop receiving these emails, you may unsubscribe now.
|Email delivery powered by Google|
|Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States|