xen1thLabs, a DarkMatter company that conducts vulnerability research, has discovered and disclosed a zero-day vulnerability in Cisco IP phones (7800 and 8800 series).
Hackers and malicious cyber actors could have exploited this vulnerability to compromise and infiltrate computer networks. A patch is now available thanks to the work of Cisco Product Security Incident Response Team (PSIRT) and xen1thLabs.
Rocco Calvi, Director Software Labs, xen1thLabs, said “Through these security flaws, hackers could have gained control of device functionality such as microphone, web camera and voice mail. They could also have propagated malware on the network.
“We are constantly working to identify similar vulnerabilities across digital systems that are currently in operation. We have a vital role to play here in the Middle East where we provide state-of-the-art testing to identify security flaws to help safeguard systems from threats.”
xen1thLabs has also previously seen evidence of hackers leveraging software vulnerabilities to perform mining of Bitcoins or using cloud computing to support their illegal actions. Threat actors, including those from nation states, have the ability to perform large-scale Distributed Denial of Service (DDoS) against their chosen target, such as government agencies or vital infrastructure services.
In this particular incident, xen1thLabs found that vulnerable IP phones were being used in the majority of enterprises across the business community around the world, potentially affecting millions of these popular devices.
The work of this UAE-based, dedicated test and validation Lab, identifies and reports zero-days to protect users. Our world-class researchers have unique expertise that specialises in vulnerability discovery and they work with vendors to find solutions that safeguard everyday users from new and emerging cyber threats.