Open phones may crop up on Shodan
Creeps can listen in to conversations placed over vulnerable Cisco small business phones. Remote eavesdropping requires a crafted XML request be sent to the Borg's SPA 300 and 500 IP phones. Cisco warns version 7.5.5 of the software powering the phones is vulnerable, possibly along with more recent iterations. "An unauthenticated, remote attacker could exploit this vulnerability to listen to a remote audio stream from an affected device or to gain access to make phone calls remotely," it says in...