The BBC has a report on a bug in VoIP phone software that lets hackers in with just a few lines of code. They can then use the phone system to make expensive calls, and even listen in on your phone conversations.
The mechanism is frighteningly simple: VoIP users, whether they're residential or commercial, typically use the same internet connection to run their computers and their phones. By finding some specific lines of code in a site that the user has visited via the computer, the hackers can then apply those lines of code to the software running the phone. This is a massive oversimplification of the process, but never fear, scammers have it down pat.
Then one of two things happens, or both if you're extremely unlucky. The hackers can eavesdrop on your phone conversations, and they're able to rack up charges by calling charge-per-minute phone numbers. In an even funnier twist, the premium phone services can hire hackers to break into your VoIP phone system and quietly make these calls, thereby lining the premium service's pockets and leaving you or your company to foot the bill. This becomes a lot less humorous when you factor in a company's potential response to finding out your desk phone was used to make thousands of dollars' worth of phone sex calls.