idw – Informationsdienst Wissenschaft

Nachrichten, Termine, Experten

Grafik: idw-Logo
Science Video Project
idw-Abo

idw-News App:

AppStore

Google Play Store



Instanz:
Teilen: 
14.08.2019 12:42

Danger over the phone

Oliver Küch Presse- und Öffentlichkeitsarbeit
Fraunhofer-Institut für Sichere Informationstechnologie SIT

    Hackers can access sensitive data and services also via telephone devices: Most companies use VoIP telephones that are integrated into the company network. Security researchers at the Fraunhofer Institute for Secure Information Technology have found a total of 40 partly serious vulnerabilities in these VoIP telephones. Attackers can misuse these gaps to intercept calls, deactivate the telephone or gain further access to the company network. The VoIP telephones producers have by now closed these vulnerabilities. The researchers presented the results of their investigations at DEFCON, one of the world’s largest hacker conferences.

    The security experts at Fraunhofer SIT tested a total of 33 VoIP telephone devices from 25 different manufacturers for flaws and vulnerabilities. For this purpose, they examined the devices’ web-based user interfaces , which administrators can use to configure the phones. Even the security experts were surprised by the results: "We didn't expect to find so many critical gaps, because these devices have been on the market for a long time and they should have been tested and secure," explains Stephan Huber, one of the researchers involved in the study.

    One type of vulnerability was so severe that the security researchers were able to gain complete administrative control over the VoIP phone. "This is a total security failure", says scientist Philipp Roskosch, who was involved in the investigation as well. Attackers could also use this to manipulate other devices in the same network, such as other VoIP telephones, computers or production machines. This attack was possible with seven devices. Another attack scenario was a denial of service attack that took VoIP phones out of action. This can damage the business of customer hotlines, e.g. banks or insurance companies.

    The security researchers informed all the manufacturers of the VoIP telephones investigated about the vulnerabilities found; they all reacted and closed the gaps. The Fraunhofer SIT experts therefore advise all users to keep their own devices up to date and to pay attention to updates for the device firmware. Further technical details on the VoIP telephones investigated and the gaps can be found on the Internet at www.sit.fraunhofer.de/cve .


    Bilder

    Researchers at Fraunhofer SIT find serious security flaws in VoIP telephones
    Researchers at Fraunhofer SIT find serious security flaws in VoIP telephones
    Fraunhofer SIT
    None


    Merkmale dieser Pressemitteilung:
    Journalisten, Wirtschaftsvertreter
    Informationstechnik
    überregional
    Forschungsergebnisse
    Englisch


     

    Researchers at Fraunhofer SIT find serious security flaws in VoIP telephones


    Zum Download

    x

    Hilfe

    Die Suche / Erweiterte Suche im idw-Archiv
    Verknüpfungen

    Sie können Suchbegriffe mit und, oder und / oder nicht verknüpfen, z. B. Philo nicht logie.

    Klammern

    Verknüpfungen können Sie mit Klammern voneinander trennen, z. B. (Philo nicht logie) oder (Psycho und logie).

    Wortgruppen

    Zusammenhängende Worte werden als Wortgruppe gesucht, wenn Sie sie in Anführungsstriche setzen, z. B. „Bundesrepublik Deutschland“.

    Auswahlkriterien

    Die Erweiterte Suche können Sie auch nutzen, ohne Suchbegriffe einzugeben. Sie orientiert sich dann an den Kriterien, die Sie ausgewählt haben (z. B. nach dem Land oder dem Sachgebiet).

    Haben Sie in einer Kategorie kein Kriterium ausgewählt, wird die gesamte Kategorie durchsucht (z.B. alle Sachgebiete oder alle Länder).