In the latest installment of “are hackers taking over your tech and costing you a lot of money,” the BBC has a report on a bug in VoIP phone software that lets hackers in with just a few lines of code. They can then use the phone system to make expensive calls, and even listen in on your phone conversations.
The mechanism is frighteningly simple: VoIP users–whether they’re residential or commercial–typically use the same internet connection to run their computers and their phones. By finding some specific lines of code in a site that the user has visited via the computer, the hackers can then apply those lines of code to the software running the phone. This is a massive oversimplification of the process, but never fear, scammers have it down pat.
Then, one of two processes occurs, both if you’re extremely unlucky. The hackers can eavesdrop on your phone conversations, and they’re able to rack up phone charges to charge-per-minute phone numbers. In an even funnier twist, the premium phone services can hire hackers to break into your VoIP phone system and quietly make these calls, thereby lining the premium service’s pockets and leaving you or your company to foot the bill. This becomes a lot less humorous when you factor in a company’s potential response to finding out your desk phone was used to make thousands of dollars’ worth of phone sex calls.
Unfortunately, experts are already predicting that this is just the latest in what could be an epidemic of hacking our IoT devices. We’ve already seen fears over hacking internet-connected insulin pumps and pacemakers, we’ve had issues with thermostats receiving a software bug in an update that upended their systems, and other inherent flaws. One expert interviewed by the BBC even said that the phone security issue is easily fixed with a couple of settings changes, but that most companies probably wouldn’t bother to do it since their phone systems still work (yeah, they work so well that premium phone scams are making millions). Hopefully this will be yet another reason for developers and consumers alike to start questioning how much of our lives can be seen–and overheard–by others through our devices.