American Military News January 11, 2022 Ryan Morgan
A Chinese-built desk phone used widely across U.S. offices, including government agencies, could be giving away consumer, corporate, and even national security information to the Chinese government, a report revealed this week.
The concerns about the desk phone, the Yealink T54W IP Business Phone, were first described in an August 2021 government report, later cited by Sen. Chris Van Hollen (D-MD) in a September 2021 letter to the Department of Commerce, and first reported by Defense One last week. According to the report, researchers found both common vulnerabilities that are in many different office phone systems as well as vulnerabilities more specific to Yealink’s services and that appeared to be included more intentionally.
A web search shows Yealink phone systems have been selected for use at the U.S. Embassy in Ukraine, as well as several other federal, state and local government offices in the U.S.
Chain Security authored the report on the Yealink phones and found that the phone and Yealink’s Device Management Platform (DMP) include features that allow Yealink administrators in China to turn on and access call-recording features from their end.
More:
https://americanmilitarynews.com/2022/01/report-us-govt-desk-phones-could-be-spying-for-china/