Security Update for Alcatel OmniPCX telephone system software
A vulnerability in Alcatel's OmniPCX Enterprise VoIP software could be used to play someone a telephone joke. A specially crafted TFTP request to the signalling server can cause a victim's telephone to work in one direction only. The TFTP packet must contain the MAC address of the victim's phone, which is very easy to change e.g. under Linux.
Even though the compromised phone can still make or take calls, and the other party can still hear the caller, the caller himself is prevented from hearing anything said at the other end of the communication. Instead, the system reroutes the audio stream to the attacker's computer. The vulnerability does not, of course, mean that conversations can be intercepted, since attackers can only hear the answers from the other party and not a complete conversation.
Alcatel OmniPCX Enterprise release 7.1 and earlier are affected. The problem does not occur with version 8.0. Although the problem can be fixed simply by manually rebooting the affected phone, the manufacturer has decided to provide an update for the vulnerable server versions.
- List of security statements from Alcatel
- VoIP Phone Audio Stream Rerouting Vulnerability, security report from Compass Security