Consider IT

Consider IT
Consider IT
IT Security

Our response to the BBC snom VoIP Phone Article

Our response to the BBC snom VoIP Phone Article

There’s an article on the BBC news website that popped up yesterday that took our interest. It states that a “hack” lets phones “eavesdrop and make premium calls”. This was obviously a great concern for us, as it named our primary vendor, snom, as the manufacturer whose phones were used in the research.

The article can be seen on the BBC website here: http://www.bbc.co.uk/news/technology-35579273

What we can’t understand is why the BBC chose to publish such a non-story. What this “security hack” boils down to is not changing the administration page password from the default. Yes, you heard right. The only security flaw is not setting an admin password for managing the settings on the phone.

In fact, if you ignore the fact they used old firmware to carry out their tests and you perform that exact same test on firmware that isn’t old (and was only a beta release) the phone itself prompts you on the screen at every opportunity to set an Admin password.

So really, if you’ve configured your VoIP phone for making and receiving calls and you haven’t bothered to set an admin password, more fool you.

Thankfully, all of the snom phones we provision for our clients have a secure password set on them prior to delivery on site. You can tell this is the case because if you take a quick glancing look at your screen it isn’t going crazy that a password isn’t set.

So for this “hack” to work:

  1. You need to be running old firmware (by the way, when going to download it from the snom site, says “8.7.5.13 is a deprecated / unsupported versoin! Use at your own risk…”)
  2. You then need to provision your phone to make calls on a VoIP platform whilst neglecting to set an admin password
  3. You then need someone on your local network interested enough to take advantage of the fact you’ve done steps A and B and also wants to eavesdrop on you or make premium rate calls

VoIP is still an emerging technology and it’s such a shame that a business that’s meant to be on the forefront of technology has chosen to report on such a non-issue as this one. Compare it to setting up a new router for your internet connection without changing the default web admin password. It really is no different.

Lastly, just to touch on the Premium Calls part of their article where they suggest there could be toll fraud carried out (which is true), this isn’t the case on our Hosted VoIP Platform. Why? We block all premium rate numbers! 🙂

Related Posts

malwareransomware blog
April 19, 2024

Staying Ahead of the Game: 7 Strategies to Combat Malware and Ransomware

When it comes to protecting your business from cyber threats, mal...
April 19, 2024
0
cost of a cyber attack
March 19, 2024

Counting the Costs: Understanding the Financial Impact of Cyber Attacks on Businesses

Cyber attacks, once considered a distant concern, have become a p...
March 19, 2024
0
CONSIDER IT FACEBOOK CONSIDER IT Twitter CONSIDER IT Linkedin

Contact Us

0131 510 0110
[email protected]
Find Us

Customer Service

Contact Us
Our Locations
Case Studies

Information

About Consider IT
Domains
Privacy Policy
Terms & Conditions
Press Enquiries

© 2024 Consider IT Limited – All Rights Reserved
Registered office: Waterview House, 37 Shore, Edinburgh, EH6 6QU. Company Number: SC320341 | VAT number: GB 930 1862 42
Consider IT is a trading name of Consider IT Limited