The big hack involves the ability of some VoIP phones to make phone calls from the web interface using a simple HTTP POST request. The Snom 32x supports this feature, which, along with some security vulnerabilities, is what GNUCitizen exploited to have some real fun, like ya know, making an outbound call using a spoofed CallerID.
Hackers need the IP address of the targeted phone to launch the attack, but with a simple scanner they can then use a cross-site scripting attack against the phone's built-in management interface.
Illegal stuff a hacker can do:
- Steal the phone history from the logs via XHR, including any other details attached to the calls.
- Poison the address book with a persistent XSS - the name is encoded correctly but not the phone number.
- Change the settings of registered phones, including the displayed text on the phone’s display.
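
The address-book item above comes down to one field being HTML-encoded on output and the other not. The sketch below is an added example, not Snom's firmware code: it shows a row renderer with that flaw next to a hardened one that validates the number on input and encodes both fields on output. The function names, the dial-string pattern and the sample entries are assumptions made for illustration.

```python
import html
import re

# Assumption: a dial string is digits plus a few dialing symbols. The format
# the phone's firmware actually accepts is not given on the page.
DIAL_STRING = re.compile(r"[0-9+*#(). -]{1,32}")


def render_row_flawed(name: str, number: str) -> str:
    """Mirrors the flaw described above: name encoded, number emitted raw."""
    return f"<tr><td>{html.escape(name)}</td><td>{number}</td></tr>"


def validate_number(number: str) -> str:
    """Reject anything that is not a plain dial string before it is stored."""
    if not DIAL_STRING.fullmatch(number):
        raise ValueError("not a valid dial string")
    return number


def store_entry(book: list, name: str, number: str) -> bool:
    """Store an entry only if the number passes validation."""
    try:
        book.append((name, validate_number(number)))
    except ValueError:
        return False
    return True


def render_row_hardened(name: str, number: str) -> str:
    """Encode every stored field on output, even if it was validated on input."""
    cells = (html.escape(field, quote=True) for field in (name, number))
    return "<tr>" + "".join(f"<td>{c}</td>" for c in cells) + "</tr>"


# Constructed sample entries: one ordinary, one carrying markup in the number.
SAMPLE = [
    ("Alice <Sales>", "+44 20 7946 0000"),
    ("Bob", "555<script>alert(1)</script>"),
]

if __name__ == "__main__":
    book = []
    for name, number in SAMPLE:
        print("stored:", store_entry(book, name, number))
        print("flawed:  ", render_row_flawed(name, number))
        print("hardened:", render_row_hardened(name, number))
```

Input validation keeps markup out of the stored address book, and output encoding covers entries that were written before the check existed or arrive through another path.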
Over the years, the SNOM team has been quite innovative and their technology has always been solid. I would imagine the fix for this problem should be pretty easy to write and now they need to roll it out quickly to all the phones on the market.