Hackers infiltrate desk phones for epic office pranks

When Edwards started his job as a researcher at cloud security firm Silver Sky in January, he says, a coworker sent a lewd email as a prank, then claimed the note was written by someone who’d accessed his keyboard. Edwards says he responded by spoofing an email from that guy to his boss, seeking enrollment in an HR training class on sexual harassment.

Still, Edwards wasn’t satisfied, however, and began daydreaming about a more epic retaliation involving the phone on his coworker’s desk. He called up his friend Nell, a security researcher and reverse engineering guru who immediately hit eBay to order the same phone used in Edwards’ office. Working together, Nell and Edwards found a debugging port on the back of the phone, spliced a connection to their laptops, and dumped the device’s memory. They soon discovered, as Nell puts it, “a mountain of bugs.”

“It was like you were in a room full of bugs, and you couldn’t not step on them,” he says.