CategoriesBritish ChambersCharity SectorConstructionCyber SecurityEducationFinancial & LegalHealth Wellbeing & LeisureInternational TradeIT InsightsJob VacanciesManufacturingMarketingMember NewsPolicySales & Marketing InsightsSussex ShowcaseTransport & Logistics Sector
ArchiveNovember 2020October 2020September 2020August 2020July 2020June 2020May 2020April 2020March 2020February 2020January 2020December 2019November 2019October 2019September 2019August 2019July 2019June 2019May 2019April 2019March 2019February 2019January 2019December 2018November 2018October 2018September 2018August 2018May 2018
Beware desk phones that enable hackers to listen in on your organisation – because there’s an old bug in many phones that could open doors to cyber criminals.
New research from cyber security firm McAfee has identified that there’s still an old bug in Avaya handsets.
Avaya’s the popular choice for many organisations of all sizes worldwide so the existence of the old bug is a major worry for many businesses who may not have renewed their desktop technology since 2009.
While the core software itself was repaired a decade ago, the operating system in the desk phone firmware wasn’t. It means companies that use Avaya handsets could have their devices taken over in a Remote Code Execution (RCE) attack. This would enable a hacker to listen in on conversations and even record calls.
Avaya has published information about how to fix the problem and advises businesses to remedy the problem as soon as possible.
But some companies may need support from an independent IT consultant to help them to evaluate the risks and to implement the fix. As the bug is a decade old, it might well be the right time to consider new kit – because there’s a wide range of new options to choose from.
The security flaw was identified in the Avaya 9600 series IP desk phone by McAfee’s researchers who demonstrated how big a risk the bug still poses. They were able to take over the normal operation of an Avaya phone, secretly remove audio recordings and potentially bug the phone.
Gary Jowett, from Computer & Network Consultants in Brighton, said: “Now’s the time to check your Avaya phone system as a matter of urgency. This old vulnerability has just become headline news again, so attempts by cyber criminals may well increase.
“It’s also worthwhile taking the opportunity to do a thorough audit of all IT services to ensure there aren’t any other weak points in your cyber defences. Sadly, hackers’ ability to plant malware that lies dormant on your network, means your systems could already be infected. The perpetrators are just waiting for the right moment to use malicious code against you. Or, it could involve your company’s systems in an unwitting attack on a third party which could lead to legal penalties and a damaged reputation.”