In a paper published Friday, security researcher Moritz Abrell warns that AudioCodes desk phones and Zoom’s zero touch provisioning (ZTP) feature could be exploited by an attacker to gain remote control over these devices.
The problems are rooted in Zoom’s ZTP, which allows IT administrators to configure their VoIP devices centrally, making it easy for organizations to monitor, troubleshoot and update the devices as and when required.
This is achieved by means of a web server deployed within the local network to provide configurations and firmware updates to the devices.
The twin weaknesses, i.e., the unverified ownership bug and flaws in the certified hardware, could then be fashioned into an exploit chain that delivers malicious firmware by abusing Zoom’s ZTP and triggering arbitrary devices into installing it.