Security experts have claimed the voice recording systems used by the UK emergency services contain security flaws that could potentially be exploited by hackers.
SEC Consult, the firm behind the claims, warns that the Nice software, which was formerly known as Cybertech eXpress, holds a root backdoor that enables unauthorised access to voice recordings, adding that organisations should stop using the program until the flaws have been fixed.
“Attackers are able to completely compromise the voice recording/surveillance solution as they can gain access to the system and database level and listen to recorded calls without prior authentication,” says an advisory released by SEC Consult.
“Furthermore, attackers would be able to use the voice recording server as a jumphost for further attacks of the internal voice VLAN, depending on the network set-up,” it adds.
The advisory lists a number of flaws it says it found in its review of the Nice software, including:
According to SEC, these issues could allow an attacker to access sensitive calls, in some cases undermining criminal cases or leaving witnesses exposed when key evidence is leaked.
It also claims that the security flaws carry added weight because Israeli software provider Nice Systems also offers CRM (customer relationship management) systems with “lawful interception” technology.
Since the issues were revealed, the vendor has responded to the claims, stating that it welcomes tests of this nature on its behalf or on behalf of its customers and updates clients with new information.
After initially claiming that it was seeking to resolve the issues, it has now announced all problems have been fixed and no reports of customers being affected have been received.
“Nice Systems announced that as of 2 p.m. EDT today, they have made available a new release that includes the remaining fixes to the issues in the NICE Recording eXpress, Cybertech eXpress and Cybertech Myracle products, identified in a recent consulting report. Nice is currently notifying customers, none of whom have reported any issues,” it claimed.