Criminals can gain a treasure trove of sensitive information by listening in to board meetings, warns Context Information Security, after its researchers demonstrated that some conference phone systems might be at risk from hackers.
The Context team managed to gain root access and take full control of a Mitel MiVoice Conference and Video Phone (also known as the Mitel UC360), potentially enabling them to eavesdrop on meetings without alerting the room’s occupants, to disable the mute button so that private discussions are audible to everyone on the call and to maintain a remote backdoor into the network environment.
Neil Biggs, head of research at Context, said: “Conference phones are ubiquitous in modern offices and are often found in less secure areas such as meeting rooms, where they are privy to sensitive discussions, whether hosting a call or just sat on the table. They also present an interesting attack surface, often in segregated VLANs that aren’t visible to an infrastructure penetration test and so may get overlooked. It’s possible that organisations with a mature security posture might overlook the security of these kinds of devices, but it’s important to have them tested.”
Context reported these issues to Mitel at the end of last year, along with a remote exploit that caused the device to reboot, and reports that the company was quick to respond and provide mitigation advice, long-term fixes and coordinated disclosure.
At present, the following mitigations should be applied to prevent the attack described:
Configure static configuration and software URLs;
Ensure Ethernet Debugging is disabled; and
Configure a strong admin password to prevent access to the admin menu.