Business Insider has an interesting article on how they were able to attack and exploit Cisco VoIP phones. After all, as they point out, what is a VoIP phone? It’s a computer with a microphone! Their article can be viewed here: http://www.businessinsider.com/hackers-can-turn-office-phone-into-remote-listening-device-cybersecurity-hack-cisco-spying-tap-2017-11
Yes, your VoIP phones fall squarely into the category of Internet of Things. and should be treated as such. Now this article discusses Cisco VoIP phones, but the same basic rules apply to any manufacturer, including Polycom, Snom, Sangoma, Yeahlink, Grandstream, Aastra, AudioCodes, D-Link, 3Com, and countless others. And don’t forget about the traditional phone system vendors like Avaya, NEC, Fujitsu, Hitachi, Panasonic, Nortel, Uniden, Siemens, Comdial, Huawei, and others.
The surprising thing is that with the possible exception of VoIP software running on their Smartphones, nobody updates their phone software. Take some time out of your schedule this week to solicit upgrade information from your phone vendor.