Hackers can access sensitive data and services also via telephone devices: Most companies use VoIP telephones that are integrated into the company network. Security researchers at the Fraunhofer Institute for Secure Information Technology have found a total of 40 partly serious vulnerabilities in these VoIP telephones. Attackers can misuse these gaps to intercept calls, deactivate the telephone or gain further access to the company network. The VoIP telephones producers have by now closed these vulnerabilities. The researchers presented the results of their investigations at DEFCON, one of the world’s largest hacker conferences.
The security experts at Fraunhofer SIT tested a total of 33 VoIP telephone devices from 25 different manufacturers for flaws and vulnerabilities. For this purpose, they examined the devices’ web-based user interfaces , which administrators can use to configure the phones.
Even the security experts were surprised by the results: "We didn't expect to find so many critical gaps, because these devices have been on the market for a long time and they should have been tested and secure," explains Stephan Huber, one of the researchers involved in the study.
One type of vulnerability was so severe that the security researchers were able to gain complete administrative control over the VoIP phone. "This is a total security failure", says scientist Philipp Roskosch, who was involved in the investigation as well.
Attackers could also use this to manipulate other devices in the same network, such as other VoIP telephones, computers or production machines. This attack was possible with seven devices. Another attack scenario was a denial of service attack that took VoIP phones out of action. This can damage the business of customer hotlines, e.g. banks or insurance companies.
The security researchers informed all the manufacturers of the VoIP telephones investigated about the vulnerabilities found; they all reacted and closed the gaps. The Fraunhofer SIT experts therefore advise all users to keep their own devices up to date and to pay attention to updates for the device firmware.
Further technical details on the VoIP telephones investigated and the gaps can be found on the Internet at www.sit.fraunhofer.de/cve
Oliver Küch | Fraunhofer-Institut für Sichere Informationstechnologie SIT
Artificial intelligence in the fight against river blindness
14.08.2019 | Rheinische Friedrich-Wilhelms-Universität Bonn
All-optical diffractive neural network closes performance gap with electronic neural networks
14.08.2019 | SPIE--International Society for Optics and Photonics
Soft robots have a distinct advantage over their rigid forebears: they can adapt to complex environments, handle fragile objects and interact safely with humans. Made from silicone, rubber or other stretchable polymers, they are ideal for use in rehabilitation exoskeletons and robotic clothing. Soft bio-inspired robots could one day be deployed to explore remote or dangerous environments.
Most soft robots are actuated by rigid, noisy pumps that push fluids into the machines' moving parts. Because they are connected to these bulky pumps by tubes,...
Researchers at TU Graz are working together with European partners on new possibilities of measuring vehicle emissions.
Today, air pollution is one of the biggest challenges facing European cities. As part of the Horizon 2020 research project CARES (City Air Remote Emission...
Over the next three years, researchers from the Vrije Universiteit Brussel, University of Cambridge, École Supérieure de Physique et de Chimie Industrielles de la ville de Paris (ESPCI-Paris) and Empa will be working together with the Dutch Polymer manufacturer SupraPolix on the next generation of robots: (soft) robots that ‘feel pain’ and heal themselves. The partners can count on 3 million Euro in support from the European Commission.
Soon robots will not only be found in factories and laboratories, but will be assisting us in our immediate environment. They will help us in the household, to...
Scientists at the University of Leeds have created a new form of gold which is just two atoms thick - the thinnest unsupported gold ever created.
The researchers measured the thickness of the gold to be 0.47 nanometres - that is one million times thinner than a human finger nail. The material is regarded...
An international team of scientists involving the Max Planck Institute for the Structure and Dynamics of Matter (MPSD) in Hamburg has unraveled the light-induced electron-localization dynamics in transition metals at the attosecond timescale. The team investigated for the first time the many-body electron dynamics in transition metals before thermalization sets in. Their work has now appeared in Nature Physics.
The researchers from ETH Zurich (Switzerland), the MPSD (Germany), the Center for Computational Sciences of University of Tsukuba (Japan) and the Center for...
14.08.2019 | Event News
12.08.2019 | Event News
12.08.2019 | Event News
16.08.2019 | Life Sciences
16.08.2019 | Life Sciences
16.08.2019 | Ecology, The Environment and Conservation