Does your desk phone pose a major security risk?

desk phone
(Image credit: Shutterstock.com)
Audio player loading…

Security researchers have warned that the humble desk phone could be putting businesses at risk of cyberattack.

According to new findings from McAfee, a decade-old bug found in an Avaya desk phone may allow hackers to hijack the device to capture audio, and even potentially bug the phone to listen in on conversations.

The model of phone in question (the Avaya 9600 series IP Deskphone) is reportedly used in 90 percent of Fortune 100 companies, as well as many more businesses of all sizes around the world.

McAfee says that the flaw is due to the presence of a Remote Code Execution (RCE) vulnerability in a piece of open source software that Avaya likely copied and modified 10 years ago, and then subsequently failed to apply appropriate security patches to.

The bug was first reported as affected the phone's Linux software back in 2009, yet its presence in the firmware remained unnoticed until now, demonstrating the potentially huge effect such devices could have on a company's cybersecurity.

“Legacy code and technical debt can be found everywhere in our increasingly connected world; if left unpaid, the resulting ‘interest’ can be detrimental," said Raj Samani, chief scientist and McAfee fellow.

"Technology is only as secure as the weakest link in the chain, and this can many times be a device you might not expect. This highlights the importance of staying on top of network monitoring: if connected devices are talking with each other when they are not supposed to, this should raise red flags.”

Avaya has now published a fix to the vulnerability, with McAfee urging customers to patch their devices immediately.

Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.