Flaw in Grandstream VoIP phones allows stealthy eavesdropping
A critical vulnerability in Grandstream GXP1600 series VoIP phones allows a remote, unauthenticated attacker to gain root privileges and silently eavesdrop on communications. [...]
VoIP is voice communication over IP networks, where exposed services and flawed configurations can enable interception, fraud, or service disruption.
Search across headline titles and summaries.
Background for this topic.
Voice over Internet Protocol (VoIP) carries voice and related communications as IP network traffic, typically separating call signaling—often SIP—from audio or video media—often RTP. It includes internet calling services and enterprise phone systems such as IP-PBXs, session border controllers, handsets, and management portals.
Its security depends on both the VoIP applications and the networks they use. Internet-exposed SIP services and weakly protected accounts can enable unauthorized calling (toll fraud), call-routing changes, or denial-of-service; unencrypted or misconfigured media can expose conversations. Practitioners should restrict and authenticate signaling and administration, patch PBX and session-border software, use TLS and SRTP where supported, segment voice systems, and monitor registrations, call records, and unusual destinations. Vulnerability management must cover phones, servers, web interfaces, and integrations, while logs and call-routing data require appropriate privacy controls.
Weekly headline count for the current query.
A critical vulnerability in Grandstream GXP1600 series VoIP phones allows a remote, unauthenticated attacker to gain root privileges and silently eavesdrop on communications. [...]
The FCC has proposed a $4,492,500 fine against VoIP service provider Telnyx for allegedly allowing customers to make robocalls posing as fictitious FCC "Fraud Prevention Team," by failing to comply with Know Your Customer (KYC) rules. However, Telnyx says the FCC is mistaken and denies the accusations. [...]
Cisco Duo's security team warns that hackers stole some customers' VoIP and SMS logs for multi-factor authentication (MFA) messages in a cyberattack on their telephony provider. [...]
VoIP communications company 3CX warned customers today to disable SQL Database integrations because of risks posed by what it describes as a potential vulnerability. [...]
The team behind the Matrix open standard and real-time communication protocol has announced the release of its second major version, bringing end-to-end encryption to group VoIP, faster loading times, and more. [...]
The team behind the Matrix open standard and real-time communication protocol has announced the release of its second major version, bringing end-to-end encryption to group VoIP, faster loading times, and more. [...]
Many Discord users attempting to access the popular instant messaging and VoIP social platform today have been met with a scary "Sorry, you have been blocked" message. [...]
VoIP communications company 3CX confirmed today that a North Korean hacking group was behind last month's supply chain attack. [...]
A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is reportedly being used to target the company's customers in an ongoing supply chain attack. [...]
A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is reportedly being used to target the company's customers in an ongoing supply chain attack. [...]
The Lorenz ransomware gang now uses a critical vulnerability in Mitel MiVoice VOIP appliances to breach enterprises using their phone systems for initial access to their corporate networks. [...]
Threat analysts have uncovered a large-scale campaign targeting Elastix VoIP telephony servers with more than 500,000 malware samples over a period of three months. [...]
Threat analysts have uncovered a large-scale campaign targeting Elastix VoIP telephony servers with more than 500,000 malware samples over a period of three months. [...]
Three defendants who allegedly sold over $88 million worth of software licenses belonging to Avaya Holdings Corporation have been charged in Oklahoma, U.S., facing 14 counts of wire fraud and money laundering. [...]
Hackers used a zero-day exploit on Linux-based Mitel MiVoice VOIP appliances for initial access in what is believed to be the beginning of a ransomware attack. [...]
The US Federal Trade Commission (FTC) said today that it will take legal action against Voice-over-Internet Protocol (VoIP) service providers who do not hand over information requested during robocall investigations. [...]