CVE-DAKTELA-2021-12



Security Daktela

Coordinated suspicious network activity aimed at gaining access to SIP accounts of IP phones

Published: 7.12.2021 22:17h CEST

Risk: medium


What happened:

Tonight, December 7, 2021 at 1:09 a.m. (CET), we detected suspicious network activity on our systems aimed at gaining access to VoIP (SIP) accounts and passwords for IP phone lines on some Daktela instances. We evaluated this activity as medium-risk, and a security group was therefore immediately convened to activate the incident response plan. Over the course of the night, we took steps to protect and secure our data. We closed the security incident at 5:14 a.m. (CET).

What data was compromised:

All our evidence indicates that the aim of the attack was to gain access to one of the SIP accounts, which would then be used for so-called VoIP fraud – fraudulent telephone calls to expensive destinations.
By scrutinizing the systems, we have ruled out attacker access to data stores. The activity was not intended to retrieve any other data from the system. All user data was protected at all times and no leaks occurred.

What are we doing:

We continue to monitor the situation, but we do not currently see any further suspicious activity. To ensure the maximum security of our customers who may have been affected, we have decided to contact these customers and implement the measures intended for these situations, which include changing passwords on SIP accounts. Some customers may temporarily be restricted from calling destinations outside the EU while these changes are completed. If you have a problem with calls to these destinations, please contact technical support by email at support@daktela.co.uk or by phone at +44 870 4702157.

What I have to do as a customer:

We will contact individual customers who we believe have been affected and provide technical support for changing passwords on SIP accounts.

Where can I get more information:

We continue to monitor and evaluate the situation. We will publish additional information on this site, including a final security report evaluating the entire incident.

Update: Critical Remote Hacking Flaws Disclosed in Linphone and MicroSIP Softphones

Published: 8.12.2021 15:23h CEST


What happened:

A security flaw was discovered in the MicroSIP and Linphone software phones on October 13, 2021, which in some cases allows a remote attacker to obtain login details for the phone’s SIP account. An attacker can then misuse this data, for example for expensive fraudulent foreign calls (VoIP fraud).

What I have to do as a customer:

We recommend upgrading to the latest software phone versions and changing the password for the SIP account. In the case of MicroSIP, the bug is fixed as of version 3.20.7.

Where can I get more information:

The original article by the researcher who discovered the security flaw is at https://blog.syss.com/posts/hacking-your-softphone-with-a-malicious-call/

Information about this vulnerability on The Hacker News is at https://thehackernews.com/2021/10/critical-remote-hacking-flaws-disclosed.html
