Recent revelations of security vulnerabilities in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP) have raised significant concerns over potential remote attacks.
The vulnerabilities, unveiled by SySS security researcher Moritz Abrell, highlight the possibility of attackers gaining full remote control over these devices. This access could be exploited for eavesdropping on conversations, infiltrating corporate networks, and even establishing a botnet of compromised devices. The findings, presented at the Black Hat USA security conference, underscore the critical need for urgent measures to address these vulnerabilities.
Furthermore, the vulnerabilities are primarily rooted in Zoom’s ZTP, a system designed for simplified configuration and management of VoIP devices. The absence of client-side authentication during the retrieval of configuration files exposes a flaw that could lead to the download of malicious firmware from rogue servers. Additionally, issues with cryptographic routines in AudioCodes VoIP desk phones allow sensitive information like passwords and configuration files to be decrypted by attackers. These weaknesses, when combined, create an exploit chain that enables remote takeover of devices on a substantial scale, emphasizing the serious security risk posed.
The potential for full device control could enable threat actors to exploit this situation extensively. Researchers have pointed out the capability for eavesdropping on conversations, pivoting through compromised devices to infiltrate corporate networks, and the creation of botnets. The vulnerabilities bring to light the broader challenges within the cybersecurity landscape, underscoring the importance of ongoing security enhancements and proactive measures to safeguard against evolving threats.
Following the disclosure, Zoom has already initiated steps to mitigate the risks, implementing restrictions on customized URLs for firmware and planning further security enhancements in the near future.
