Author Topic: Mitel UC360 Hacked  (Read 1945 times)

Offline ralph

Mitel UC360 Hacked
« on: February 17, 2017, 10:36:59 AM »
A group of hackers have found a security flaw in the UC360.
The potential is that someone could listen in on your boardroom conversations without anyone's knowledge.

Here are the details of the hack: https://www.contextis.com//resources/blog/phwning-boardroom-hacking-android-conference-phone/

Mitel just released a security advisory: http://www.mitel.com/mitel-product-security-advisory-17-0003

Ralph
« Last Edit: February 17, 2017, 10:39:14 AM by ralph »


Offline acejavelin

Re: Mitel UC360 Hacked
« Reply #1 on: February 17, 2017, 03:33:55 PM »
I saw that and laughed a bit... the conditions for it to occur are pretty unique and it must be an "inside" job for the most part because it requires a compromised DHCP server -AND- physical access to the device. Unless there is a suspicion this could be occurring somewhere, I'm not gonna lose any sleep over this one.

Offline VinceWhirlwind

Re: Mitel UC360 Hacked
« Reply #2 on: February 19, 2017, 10:50:41 PM »
Yes, it needs "inside" access for a couple of minutes minimum.
 
But as he says, these kinds of devices are often in rooms which are unattended and accessed by guests.
 
This risk should be mitigated through physical security measures.
 
I don't know how you stop a device from being tricked into downloading a file by being booted up on a trick switch. Maybe physically mounting the UC360 in such a way as to make the network port inaccessible, and ensuring the patch point is not accessible either.


 
