Not only is it possible for your PC to be a cyber risk, a desk phone from China may be as well. It has been determined that a major Chinese phone maker may be putting U.S. consumers, companies, and even national security data at risk, and a U.S. senator wants to know what the Commerce Department is going to do about it.
As DefenseOne first reported, in a letter obtained by Defense One, Sen. Chris Van Hollen, D-Md., described a report that “raises serious concerns about the security of audio-visual equipment produced and sold into the U.S. by Chinese firms such as Yealink.”
Yealink doesn’t have the name recognition of the controversial Chinese telecom giant Huawei, but its phones are widely installed across the United States, including in government agencies. In September, Yealink and Verizon announced plans to sell “the nation’s first 4G/LTE cellular desk phone.” In the letter, Van Hollen asked Commerce Secretary Gina Raimondo whether her agency is aware of the report by Chain Security, a Virginia-based company that analyzes electronics for security. He asked whether she considers its analysis credible, and if so, what she wants Commerce to do about it.
Many of the security issues raised in the report are similar to those that the U.S. government has had for years about Huawei. In essence, there are a number of big—but possibly unintentional—security flaws that an adversary could use to steal data. But with the Yealink T54W phone in particular, there are also some concerning features that are clearly built in on purpose. The report pointed to the Yealink software that connects each phone to the local network. Called the device management platform, or DMP, it allows users to make calls from their PCs and network administrators to manage the phones. But it also allows Yealink to secretly record those phone calls and even track what websites the users are visiting. More Information
NOTE: NCT does not use these devices….
Source: Zerohedge