Voice Over Internet Protocol (VOIP) is becoming an ever more popular way of making phone calls. Most of us still have a Plain Old Telephone System (POTS) somewhere on our desk, but many are using VOIP as it provides a degree of communications integration that POTS can do only with expensive gateways. Thousands of VOIP handsets are appearing in organisations large and small: it is becoming the norm.
The trouble is, as I have said many times before, IP and many of its associated protocols were never built to be secure. Worse still, those implementing VOIP applications in firmware (the software that runs on these dedicated handsets) seem to be making some basic mistakes which are leaving us open to eavesdropping - the good old-fashioned type of eavesdropping as well, where someone can listen to the conversations of anyone within range of the microphones on the VOIP phone.
All the way back in 2012 (which is a long time ago in technology evolutionary terms) I recall researchers showing how you could hack into these phones. These hacks exploited, for example, a vulnerability in the kernel of the version of Unix running on the handsets, whereby arbitrary code could be run by an attacker.