window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'UA-20840989-1');

WARNING

We've detected that you're using Internet Explorer which is an old, insecure browser and incompatible with many modern features.
Our Customer Portal is not available for Internet Explorer users and we recommend using Chrome, Firefox or other modern browsers for best user experience and full functionality.

Old bug could still bite

Beware desk phones that enable hackers to listen in on your organisation – because there’s an old bug in many phones that could open doors to cyber criminals.

CNC

New research from cyber security firm McAfee has identified that there’s still an old bug in Avaya handsets.

Avaya’s the popular choice for many organisations of all sizes worldwide so the existence of the old bug is a major worry for many businesses who may not have renewed their desktop technology since 2009.

Record calls

While the core software itself was repaired a decade ago, the operating system in the desk phone firmware wasn’t. It means companies that use Avaya handsets could have their devices taken over in a Remote Code Execution (RCE) attack. This would enable a hacker to listen in on conversations and even record calls.

Avaya has published information about how to fix the problem and advises businesses to remedy the problem as soon as possible.

But some companies may need support from an independent IT consultant to help them to evaluate the risks and to implement the fix. As the bug is a decade old, it might well be the right time to consider new kit – because there’s a wide range of new options to choose from.

Big risk

The security flaw was identified in the Avaya 9600 series IP desk phone by McAfee’s researchers who demonstrated how big a risk the bug still poses. They were able to take over the normal operation of an Avaya phone, secretly remove audio recordings and potentially bug the phone.

Gary Jowett, from Computer & Network Consultants in Brighton, said: “Now’s the time to check your Avaya phone system as a matter of urgency. This old vulnerability has just become headline news again, so attempts by cyber criminals may well increase.

“It’s also worthwhile taking the opportunity to do a thorough audit of all IT services to ensure there aren’t any other weak points in your cyber defences. Sadly, hackers’ ability to plant malware that lies dormant on your network, means your systems could already be infected. The perpetrators are just waiting for the right moment to use malicious code against you. Or, it could involve your company’s systems in an unwitting attack on a third party which could lead to legal penalties and a damaged reputation.”

Newsletter Archives

By |2019-10-02T12:19:08+01:002nd October 2019|Tech News|Comments Off on Old bug could still bite

About the Author:

We use cookies to ensure that we give you the best experience on our website. We also use cookies to ensure we show you advertising that is relevant to you. If you continue without changing your settings, we'll assume that you are happy to receive all cookies on the CNC website. However, if you'd like to find out more please visit our Legal and Privacy policy page. Accept