Is W52P a nark/fink??

[moon77]

(11-15-2014 09:40 AM)Yealink_James Wrote:  The two information is not confidential. They are defined in standard SIP protocol to make phone and system work better.

James, I have a few questions for you:

1) What do you mean by "to make phone and system work better" - What's improved??
2) Can you confirm that no other identification information is given to the VOIP provider, such as, for instance, the serial number, or any other id?
3) Can you confirm there's no backdoor?
4) Why can't I get a local root access to my w52p via SSH or telnet, for instance? It's just a Linux after all. NAS (and many other devices) manufacturers give root access to their device, even Firewalls.
5) Wouldn't it be great that Yealink software become Open source? After all, the hardware is your business, right?
6) Does your resellers have obligation to give Yealink their customers name, address, phone#, etc every time a w52p is sold?
7) Which version of OpenSSL is implemented in the latest w52p firmware?
8) Which version of OpenVPN is implemented in the latest w52p firmware?

Thank you.

[James_Yealink]

Hi Moon77,

1. PBX server can centrally manage these phones easier. For example, a firmware upgrading.
2. Serial number won't be sent to VOIP provider in sip message but the MAC address wiil be included. You can find almost all information phone send in Register message.
3. No, there is no a backdoor.
4. Sometimes we will need to change the setting of Firewalls through telnet or SSH. But to phones, all setting can be done through autoprovision and level 6 syslog will record all phone operation. So the telnet and SSH is not designed since it's useless.
5.We care software and hardware. They are both our business.
6.No, they don't have the obligation.
7.Don't quite sure the version, need to confirm it.
8.We can support OpenVPN 2.3.

Regards,
James

[cptjack]

(11-15-2014 04:20 AM)moon77 Wrote:  My VOIP provider knows which SIP device I'm using! (see below).
He even knows which firmware version!!!
Is it a way to help NSA track devices and persons?
How can I hide this??

The easiest way will be to setup a Raspberry Pi or similar with an Asterisk PBX flavor. Or install Asterisk on an another server/system you control. You can connect you W52P to the Asterisk server and let Asterisk proxy the call to your VOIP provider.
Asterisk is open source, so you can change whaterver info you don't like sharing with your provider. Hope this helps.

[moon77]

1. Which PBX server (brand)?
2. MAC address can be faked on a SIP softphone, not on the w52p. Another unique identifier... :-(
3. Why did I asked this question??
4. I totally disagree. Root access to your Linux phone would help people trust your phones. Moreover, it would open possibilities to customize it, to add packages... to check you openssl version...
5. ok
6. ok
7. !!!!! Have you ever heard about Heartbleed? and the latest memory leak via SRTP? http://www.globalsecuritymag.com/Vigil-n...48459.html
http://www.zdnet.com/openbsd-5-6-replace...000035412/
8. Which version have you implemented? An old one full of holes?

Thanks

---

(11-19-2014 12:02 AM)cptjack Wrote:  You can connect you W52P to the Asterisk server and let Asterisk proxy the call to your VOIP provider.

Thank you, it helps, this is a good idea.

[CWR]

(11-15-2014 05:54 AM)moon77 Wrote:  

(11-15-2014 05:04 AM)craigreilly Wrote:  What kind of illegal stuff are you doing?
The IP Address alone the feds can goto the provider then find out who was assigned the IP Address with the date in question.

You didn't answer to my question.
Instead you tried to change the subject asking another question.
I believe this is rude.

I'm not like you, I'm going to answer to your question:
I'm not doing anything illegal, of course, I'm just on the Snowden side.
I'm fed up of being tracked by BIG BROTHER.
PRIVACY is important for me.

Here's my question, once again:
Why does Yealink gives so much information?
Does Yealink follow NSA recommendations?

Thank you

I'm sorry I wasted my time on you.
My Yealink/Grandstream/PBX gives out this info...
My Cellphone exposes data too.

If you are concerned - follow some of the recommendations here for Secure transmission or stick to paper and pencil communication.

[moon77]

Are you a really a moderator?? Who gave you this privilege?????????

[cptjack]

Well Moon77, this forum is supposed to be for -and also by- users helping each other out. Generally you will find that both the Admins and users are helpful and knowledgable. Please be considerate in your questions and answers, because some of the previous posts can come across as blunt.

(2) If you are looking for ways to hide your internet footprint, I'm sure a Raspberry or Linux with Asterisk also allows you to spoof the MAC address, isolate the phone from the internet and monitor all network traffic.

(3) Yealink has been forthcoming with the information you requested, but it is up to you to believe/accept the response as valid. By asking if there is a backdoor in the software, I'm not sure what kind of response you expected, from any vendor for that matter.

(4) Eventhough the implementation is based on Linux, Yealink has the right to keep the rest of their implementation closed. The phones are not advertised as having open hardware or software... So you can ask, but please don't expect Yealink will change their business model solely on that request.

(7) Heartbleed Advisory can be found in this thread.

(8) You can find the sources of the opensource packages online at
http://www.yealink.com/GPLOpenSource.aspx

While safe VOIP communications is always a consideration, I don't believe the Yealink phones are inherently less secure then any other brand. While the phones/software is not perfect, the support team do listen to the users and accept input for future versions.

[yanceyworks]

(11-19-2014 04:05 PM)moon77 Wrote:  Are you a really a moderator?? Who gave you this privilege?????????

Speaking plainly on the old POTS network the NSA or whomever could tap that in minutes, almost literally.

With SIP it is actually easier for you to take control and secure your connection.

In the end though anything can be defeated at a cost of time and money. So if the NSA has decided to zero in on you, good luck.

Note that I appreciate your objective, but how you are going about does not give any of us a good impression about you I'm afraid.