Addressing concerns about Yealink phone security

In light of recent discussions and publications concerning the security of Yealink phones, it has become important to address these concerns head-on. As a prominent distributor of Yealink products linked to our Voxbi Cloud PBX solution, Mixvoip is committed to clarifying these security issues and detailing our stance on the matter. For those who may not be familiar with the articles in question, we provide links below for your reference and further understanding:

Understanding Security Vulnerabilities and CVE

Every brand and device might encounter security vulnerabilities at some point. There’s a vast and transparent security community that tracks, identifies, and records known vulnerabilities with a CVE (Common Vulnerabilities and Exposures). Vendors, like Yealink, promptly address these vulnerabilities with updates.

You can verify the known vulnerabilities of Yealink at this independent CVE details website. The fact that there’s no recent security problem published suggests the recent articles might lean more towards sensationalism than substance. It’s important to note that if a vulnerability exists in popular brands like Yealink, it will most likely be documented, given the high stakes in finding and potentially exploiting such issues.

Local network installation: An additional security layer

Yealink phones in your network are protected by multiple layers of security. Firstly, they are installed on your local network, typically in a dedicated VLAN, protected by both our VoIP SBC and your firewall. Exploiting any potential vulnerability in such a well-guarded environment would be a herculean task.

Proximus: A voice of trust

Proximus, a leading telecom operator in Belgium and Luxembourg, is also a prominent user of Yealink devices.

In a recent statement, they mentioned:

“Proximus ne voit aucune menace” (Proximus sees no specific threat). The telecom operator has meticulously checked both the platform on which Yealink equipment is used and the network activity of the devices. Among Proximus’s clients, the City of Brussels confirmed it received hundreds of Yealink devices.”

If a telecom giant trusts Yealink, that’s a substantial endorsement of the brand’s security and reliability.

The European hardware dilemma

We are proponents of European-made technology. However, the reality is, finding European-made phones has become increasingly challenging. The recent unfortunate bankruptcy of Gigaset, one of the last European providers, on September 20th, 2023, further underscores this dilemma.

Flexible compatibility with standardized protocols

Mixvoip’s phone system is built on standardized protocols like SIP, ensuring flexibility and compatibility. This allows us not only to support leading phone brands like Yealink but also others, such as Polycom. Our commitment to these protocols means we’re poised to provide solutions and alternatives for any future scenarios or customer requirements.

In conclusion

We recognize the importance of security and continually strive to uphold it. While we always monitor and ensure the security of the devices we provide, we also emphasize the significance of transparent and accurate information. As always, Mixvoip remains committed to acting as a genuine partner, keeping our clients informed and secure.

If you have any further concerns or queries regarding this matter, feel free to contact our security team at security@mixvoip.com to schedule a call.