Popular enterprise VoIP phone hacked

A public hacking warning group has found a large security flaw in the web interface of the popular Snom phone. The phone is widely distributed through business and has a web interface to enable calls and management. The same people who hi-jacked the BT Home Hub have detailed in easy-to-read detail how they took over the Snom phone.

GNUcitizen.org notes some of the easy-to-do breaches you can do once you have the phone under control. These include calling arbitrary people via the Web interface, stealing the phone history from the logs, poisoning the address book and most chillingly, monitoring the victim by making a phone call to the attacker's number (at their expense).

It is scary reading for any CIO who has deployed Web enabled VoIP phones and will also keep the big phone vendors, Cisco, Nortel, Avaya and Polycom awake as they scurry to find patches.

For more:
- Total surveillance made easy with VoIP phones Article

Related articles:
Sipera finds VoIP vulnerability Report
Security big issue for Unified Communications Report