New Zoom ZTP and AudioCodes bugs risk users’ privacy

August 18, 2023

Researchers discovered new vulnerabilities in Zoom ZTP and AudioCodes phones that could let malicious actors eavesdrop on calls and perform remote attacks on compromised devices. According to the reports, an external attacker who exploits the flaws could gain complete remote control of the devices.

The attackers could then use that unauthorised access to eavesdrop on phone or room calls, transfer the devices, attack corporate networks, and build a botnet of infected devices. The researchers presented their findings at a US-based security conference earlier this month.

The primary problem lies in the Zoom ZTP provisioning of the phones.

Zoom ZTP (Zero Touch Provisioning) lets IT admins configure VoIP devices from a central place, making it easy for organisations to monitor, troubleshoot and update the devices when needed.

This is done through a web server deployed within the local network that serves configuration and firmware updates to the devices.

The researchers found that the provisioning process performs no client-side authentication when the phone retrieves configuration archives from the ZTP service: the device never verifies who it is talking to. Without such a check, an attacker can cause the phone to download malicious firmware from a rogue server.
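As an added illustration (not Zoom's or AudioCodes' code) of the missing checks just described, the sketch below shows the provisioning-client side of the fix: a TLS context that refuses servers it cannot authenticate, shown beside the weak setting that matches the failure mode, an allow-list of provisioning hosts, and an integrity check on the archive before it is applied. The host name, the sample archive and the idea that the expected digest arrives in an admin-controlled manifest are assumptions made for the example.

```python
import hashlib
import hmac
import ssl
from urllib.parse import urlparse

# Assumption: the IT admin pins the hosts a phone may provision from.
TRUSTED_PROVISIONING_HOSTS = {"provisioning.example.test"}

# Constructed sample archive and the digest an authenticated manifest would
# carry for it (a real deployment would verify a vendor signature instead).
SAMPLE_ARCHIVE = b"constructed-configuration-archive"
SAMPLE_MANIFEST_DIGEST = hashlib.sha256(SAMPLE_ARCHIVE).hexdigest()

def make_provisioning_context(ca_bundle_path=None):
    # Hardened: the phone refuses any server it cannot authenticate.
    ctx = ssl.create_default_context(cafile=ca_bundle_path)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def weak_context():
    # The failure mode the article describes: no server authentication, so a
    # rogue server on the path can hand the phone arbitrary firmware.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def context_authenticates_server(ctx):
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname

def provisioning_url_is_acceptable(url):
    parsed = urlparse(url)
    return parsed.scheme == "https" and parsed.hostname in TRUSTED_PROVISIONING_HOSTS

def archive_is_authentic(archive_bytes, expected_sha256_hex):
    # Constant-time comparison of the archive digest against the pinned value.
    digest = hashlib.sha256(archive_bytes).hexdigest()
    return hmac.compare_digest(digest, expected_sha256_hex)

def validate_provisioning_response(url, archive_bytes, expected_sha256_hex):
    # Every check a phone should pass before applying a fetched archive.
    if not provisioning_url_is_acceptable(url):
        raise ValueError("refusing provisioning URL: " + url)
    if not archive_is_authentic(archive_bytes, expected_sha256_hex):
        raise ValueError("archive failed integrity check; not applying it")
    return archive_bytes
```

The context from make_provisioning_context is what the phone's HTTPS client should be given for every provisioning fetch; the archive returned by that fetch then goes through validate_provisioning_response before anything is written to the device.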

The investigation also uncovered improper authentication in the cryptographic routines of AudioCodes VoIP desk phones, which lets an attacker decrypt sensitive data, such as passwords and configuration files, transmitted through the redirection server the phone uses to retrieve its configuration.

Cybersecurity experts believe threat actors could exploit the vulnerabilities by combining an unverified-ownership bug with the flaws in the certified hardware, running an exploit chain that deploys malicious firmware via a compromised Zoom ZTP and enables arbitrary devices that are not already enrolled in an existing ZTP profile.

Chaining these vulnerabilities would therefore let threat actors take over arbitrary devices remotely, which poses a significant security risk for numerous users.

The disclosure of these bugs comes nearly a year after cybersecurity researchers uncovered an issue in the MS Teams Direct Routing functionality that could leave installations prone to toll fraud attacks. Organisations running outdated or flawed devices should be wary of such exploits, as threat actors will likely take advantage of the issue.
