Mitel Forums - The Unofficial Source

Mitel Forums => Mitel Software Applications => Topic started by: ralph on February 17, 2017, 10:36:59 AM

Title: Mitel UC360 Hacked
Post by: ralph on February 17, 2017, 10:36:59 AM
A group of hackers have found a security flaw in the UC360.
The potential is that someone could listen in on your boardroom conversations without anyone's knowledge.

Here are the details of the hack: https://www.contextis.com//resources/blog/phwning-boardroom-hacking-android-conference-phone/

Mitel just released a security advisory: http://www.mitel.com/mitel-product-security-advisory-17-0003

Ralph
Title: Re: Mitel UC360 Hacked
Post by: acejavelin on February 17, 2017, 03:33:55 PM
I saw that and laughed a bit... the conditions for it to occur are pretty unique and it must be an "inside" job for the most part because it requires a compromised DHCP server -AND- physical access to the device. Unless there is a suspicion this could be occurring somewhere, I'm not gonna lose any sleep over this one.
Title: Re: Mitel UC360 Hacked
Post by: VinceWhirlwind on February 19, 2017, 10:50:41 PM
Yes, it needs "inside" access for a couple of minutes minimum.
 
But as he says, these kinds of devices are often in rooms which are unattended and accessed by guests.
 
This risk should be mitigated through physical security measures.
 
I don't know how you stop a device from being tricked into downloading a file by being booted up on a trick switch. Maybe physically mounting the UC360 in such a way as to make the network port inaccessible, and ensuring the patch point is not accessible either.