Most businesses have IP office phones, as they are very useful for communicating with coworkers.  However, many of these phones are actually quite vulnerable to cyber attacks.  Red Balloon Security founder, Ang Cui discovered the specific issues with a Cisco phone and found out exactly how easy it is for hackers to listen in on an office IP phone.

Hackers can listen in to an IP phone whenever they please, meaning you don’t even have to be making a phone call for them to be eavesdropping.  The microphone on these phones are always on.  The phone is listening to everything going on in your office 24/7.

Attackers don’t even need physical access to the phone in order to hack it.  Cui was able to gain access to this vulnerability through the network.  He got a resume that hacked the office printer.  From there the printer hacked the router and the router hacked the IP phone.  Over the internet, attackers can access the phone from anywhere. 

Once this issue was brought to Cisco’s attention, the firmware was quickly updated on their IP phones, patching the vulnerability.  However, in order to benefit from the patch, users must update the firmware on their device. Another issue is that Cisco phones are not the only IP phones to be affected by this issue.  Other IP phones have shown the same vulnerability.

This study shows us how important it is to keep the firmware updated on all of your devices.  There are so many new technologies that function similarly to computers, like an IP phone, that needs cyber security the same way a computer does.

Story via Business Insider