[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.

Post Reply 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Hacked phones: IP access control / pubkey auth?
Author Message
jpoppenk Offline
Junior Member

Posts: 4
Joined: Feb 2016
Reputation: 0
Post: #5
RE: Hacked phones: IP access control / pubkey auth?
Dear readers, Yealink support was of no help at all in resolving my issue. Take this into account when deciding upon your next purchase. However, I tried a few things that seem to be working. Based on my experience, here is some advice to fellow users:

1) New Yealink phones appear to have security open by default. Make sure to not only set a strong password, block IP calls, and trust SIP only from the server for *every account*, but also to set action_uri_limit_ip to some value (like 0), even if you are not using action uri's or have no idea what that is. Otherwise the whole world can (and will) remote control your phone.

2) You need to have a server and learn how to autoprovision to make your phone work properly, because at the time of writing, essential security features (such as block IP call) are not accessible from the web interface of all Yealink phones.

3) If you get hacked, don't waste time trying to figure out what they changed. Just hold the OK button for 10 seconds to reset your phone to factory settings. This was the only way I was able to prevent my phones from reverting to their pwned state. I suspect the hackers installed files that influenced operation beyond what is visible in the web interface.

4) If you're unfamiliar with VOIP phones, people are trying to hack your phone all the time. Make sure you get your security locked down right away. Also, due to apparent security flaws in these phones, a seven-letter password was insufficient. A 50-character password seems to be holding for now.
03-02-2016 12:38 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 

Messages In This Thread
RE: Hacked phones: IP access control / pubkey auth? - jpoppenk - 03-02-2016 12:38 AM

Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Probem with Queues and ringing phones Saccara 0 389 11-30-2022 05:23 PM
Last Post: Saccara
  Phones crash using VM Impress1 1 1,621 03-29-2022 09:54 PM
Last Post: Yisroel_MongoTEL
  How to access web UI from different subnet? Jeremy17 0 1,250 03-02-2022 05:32 AM
Last Post: Jeremy17
  Need to completely reset phones Chris708 1 3,179 02-26-2021 03:58 AM
Last Post: Chris708
  T46S/T46G show green icon (blf) although phones disconnected (Asterisk) jobst 0 2,777 09-16-2020 04:29 AM
Last Post: jobst
  Cannot access from Chrome gaz8080 2 4,756 01-28-2020 01:24 PM
Last Post: gaz8080
  Root access to a T46S or T48S Alith7 0 3,068 10-28-2019 05:25 PM
Last Post: Alith7
  Using a shared phonebook managed bij phones johandezwaan 1 4,254 09-30-2019 01:32 PM
Last Post: mara
Bug T41G WiFi cannot access web gui ufo 1 4,645 09-01-2019 05:13 PM
Last Post: Babylonia
  Yealink Wireless IP Phones RyanL 2 5,455 08-19-2019 03:03 PM
Last Post: jolouis

Forum Jump:

User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication