[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.
https://www.yealink.com/ydmp-freetrial-2020


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Hacked phones: IP access control / pubkey auth?
Author Message
Bryan Nelson Offline
Member
***

Posts: 71
Joined: Feb 2013
Reputation: 0
Post: #9
RE: Hacked phones: IP access control / pubkey auth?
In my experience, this happens to all models of phones that have a web interface that is left exposed to the open internet. I have had to disable the web interface on many a Polycom phone for this same reason.

The primary cause is that the phone is not behind a firewall that would automatically block the web interface from anywhere but your LAN. While there is surely a way to break the security on the web interface of these phones that should not exist, I can't really expect Yealink and Polycom to keep up with hackers, particularly when they cannot push security updates like traditional desktop operating systems. They must depend on the customer to manually update the firmware, and this must be phased out after testing for larger deployments.

A proper firewall will also block the Ghost calls with no need for the phone to do anything. Router\firewalls that have full cone NAT are the reason random IP's are able to intercept the port you are registered to your Voip provider on.

https://en.wikipedia.org/wiki/Network_ad...ranslation

All that being said, I took a look at the log you attached, and these may provide a hint to what the problem may be. I don't know much about http security, but this appears that it may be part of a SSL downgrade exploit.

2016-02-24 11:49:41: (connections.c.305) SSL: 1 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2016-02-24 11:49:42: (connections.c.305) SSL: 1 error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number
2016-02-24 11:49:55: (connections.c.305) SSL: 1 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
2016-02-24 11:49:56: (connections.c.305) SSL: 1 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
03-12-2016 01:50 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Messages In This Thread
RE: Hacked phones: IP access control / pubkey auth? - Bryan Nelson - 03-12-2016 01:50 AM

Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Probem with Queues and ringing phones Saccara 0 1,092 11-30-2022 05:23 PM
Last Post: Saccara
  Phones crash using VM Impress1 1 2,674 03-29-2022 09:54 PM
Last Post: Yisroel_MongoTEL
  How to access web UI from different subnet? Jeremy17 0 2,227 03-02-2022 05:32 AM
Last Post: Jeremy17
  Need to completely reset phones Chris708 1 4,067 02-26-2021 03:58 AM
Last Post: Chris708
  T46S/T46G show green icon (blf) although phones disconnected (Asterisk) jobst 0 3,506 09-16-2020 04:29 AM
Last Post: jobst
  Cannot access from Chrome gaz8080 2 6,028 01-28-2020 01:24 PM
Last Post: gaz8080
  Root access to a T46S or T48S Alith7 0 3,829 10-28-2019 05:25 PM
Last Post: Alith7
  Using a shared phonebook managed bij phones johandezwaan 1 5,084 09-30-2019 01:32 PM
Last Post: mara
Bug T41G WiFi cannot access web gui ufo 1 5,789 09-01-2019 05:13 PM
Last Post: Babylonia
  Yealink Wireless IP Phones RyanL 2 6,763 08-19-2019 03:03 PM
Last Post: jolouis

Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication