Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping

Aug 12, 2023 THN Vulnerability / Privacy

Multiple security vulnerabilities have been disclosed in AudioCodes desk phones and Zoom's Zero Touch Provisioning (ZTP) that could potentially be exploited by a malicious attacker to conduct remote attacks.

"An external attacker who leverages the vulnerabilities discovered in AudioCodes Ltd.'s desk phones and Zoom's Zero Touch Provisioning feature can gain full remote control of the devices," SySS security researcher Moritz Abrell said in an analysis published Friday.

The unfettered access could then be weaponized to eavesdrop on rooms or phone calls, pivot through the devices and attack corporate networks, and even build a botnet of infected devices. The research was presented at the Black Hat USA security conference earlier this week.


The issues are rooted in Zoom's ZTP, which allows IT administrators to configure VoIP devices in a centralized manner, making it easy for organizations to monitor, troubleshoot and update the devices as and when required. This is achieved by means of a web server deployed within the local network that provides configurations and firmware updates to the devices.

Specifically, it was found to lack client-side authentication mechanisms during the retrieval of configuration files from the ZTP service, thereby leading to a scenario where an attacker could potentially trigger the download of malicious firmware from a rogue server.

The study further uncovered improper authentication issues in the cryptographic routines of AudioCodes VoIP desk phones (which support Zoom ZTP) that allow for the decryption of sensitive information, such as passwords and configuration files transmitted via a redirection server used by the phone to fetch the configuration.

The twin weaknesses, i.e., the unverified ownership bug and the flaws in the certified hardware, could then be fashioned into an exploit chain to deliver malicious firmware by abusing Zoom's ZTP and tricking arbitrary devices into installing it.
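The missing control described above (a phone that acts on provisioning data it never authenticated) is illustrated here with an added defensive example; this is not Zoom's or AudioCodes' code, and the per-device key, hostnames and envelope format are constructed assumptions. A hypothetical provisioning client authenticates each configuration with a factory-provisioned per-device key before using it, accepts firmware only from an allowlisted HTTPS host, and checks the downloaded image against the hash pinned in the authenticated configuration, so a rogue server cannot substitute its own firmware.

```python
import hashlib
import hmac
import json
from urllib.parse import urlparse
# Constructed placeholders: a per-device key injected at the factory and the hosts trusted for firmware.
DEVICE_KEY = b"PLACEHOLDER-factory-provisioned-device-key"
TRUSTED_HOSTS = {"provisioning.example.com"}

def sign_config(config: dict, key: bytes = DEVICE_KEY) -> dict:
    # Provisioning-server side (hypothetical): canonical JSON plus an HMAC-SHA256 tag.
    body = json.dumps(config, sort_keys=True, separators=(",", ":"))
    return {"body": body, "tag": hmac.new(key, body.encode(), hashlib.sha256).hexdigest()}

def verify_config(envelope: dict, key: bytes = DEVICE_KEY) -> dict:
    # Phone side: authenticate the config before trusting anything inside it.
    body = envelope.get("body", "")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, envelope.get("tag", "")):
        raise ValueError("rejected: config MAC does not verify")
    config = json.loads(body)
    fw = config.get("firmware")
    if fw is not None:  # firmware must come from a trusted HTTPS host and be hash-pinned
        url = urlparse(fw.get("url", ""))
        if url.scheme != "https" or url.hostname not in TRUSTED_HOSTS:
            raise ValueError("rejected: firmware URL not on a trusted host")
        if len(fw.get("sha256", "")) != 64:
            raise ValueError("rejected: firmware entry has no SHA-256 pin")
    return config

def firmware_matches(image: bytes, expected_sha256: str) -> bool:
    # Compare a downloaded image against the hash pinned in the verified config.
    return hmac.compare_digest(hashlib.sha256(image).hexdigest(), expected_sha256)

def demo() -> dict:
    # Exercise the cases a phone must handle; returns which configs were accepted.
    image = b"constructed firmware image bytes"
    pin = hashlib.sha256(image).hexdigest()
    good = sign_config({"sip_server": "sip.example.com",
                        "firmware": {"url": "https://provisioning.example.com/fw.bin", "sha256": pin}})
    # A rogue server can rewrite the firmware URL but cannot forge the tag.
    rogue = dict(good, body=good["body"].replace("provisioning", "rogue"))
    results = {}
    for name, env in (("good", good), ("tampered", rogue)):
        try:
            verify_config(env)
            results[name] = True
        except ValueError:
            results[name] = False
    return results
```

An HMAC with a pre-shared per-device key is only one way to bind a phone to its provisioning source; a vendor-signed manifest verified with a public key baked into the firmware gives the same property without the server holding every device's secret.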


"When combined, these vulnerabilities can be used to remotely take over arbitrary devices. As this attack is highly scalable, it poses a significant security risk," Abrell said.

The disclosure arrives nearly a year after the German cybersecurity company identified a security issue in Microsoft Teams Direct Routing functionality that could render installations susceptible to toll fraud attacks.

"An external, unauthenticated attacker is able to send specially crafted SIP messages that pretend to originate from Microsoft and are subsequently correctly classified by the victim's Session Border Controller," Abrell noted at the time. "As a result, unauthorized external calls are made through the victim's phone line."
