Blog | G5 Cyber Security

PwnPhone: Default passwords allow covert surveillance.

Snom 320 VoIP phones have no authentication whatsoever. Attackers can make calls, receive calls, play recordings, upload new firmware and use the device for covert surveillance. Many manufacturers provide a default set of credentials even if they’re usually “admin/admin”, thus equally insecure. If you must supply devices with “default” credentials, disable all other functionality until a suitably-secure password is set to replace it. Professor Alan Woodward of Surrey University has published an article entitled “Are you only using your VOIP phone?””]

Source: https://paul.reviews/pwnphone-default-passwords-allow-covert-surveillance/

Exit mobile version