We picked this one up on a few VoIP security websites. It seems that an exploit has been found for a Grandstream VoIP phone that can force it to go off hook even when the handset is down, so that the attacker can listen in. It also acts as a Denial of Service (DoS) attack, stopping regular callers from contacting you.
Many people are guessing that many other vendors may also be susceptible to this exploit, so be careful, as you never know who is listening.
For the record, the Grandstream model is the GXV-3000, and we were unable to confirm whether a new firmware has fixed this problem. Let us know if you have more information.
Get more details here, here or here.
We take security very seriously and Voice over IP opens up all sorts of avenues for abuse of your systems.
We found a great article over on networksystemsdesignline.com that describes the security issues surrounding a VoIP implementation. In summary, they are:
- Eavesdropping – An external party monitoring your RTP packet streams
- Spam over Internet Telephony (SPIT) – we have covered this before here, but it is essentially spam voicemail
- Spoofing – Someone pretending to be the remote IP address that you are communicating with
- Call Hijacking – A user can take over a call and this allows them to commit toll fraud
- Denial of Service – a DoS attack floods the available bandwidth so you are unable to make calls
The full article can be read here – you have been warned