[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.
https://www.yealink.com/ydmp-freetrial-2020


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Hacked phones: IP access control / pubkey auth?
Author Message
jpoppenk Offline
Junior Member
**

Posts: 4
Joined: Feb 2016
Reputation: 0
Post: #1
Hacked phones: IP access control / pubkey auth?
Dear Yealink,

I have three Yealink phones (T32, T46). I changed the password as soon as I received the phones (to an eight random character value), patched to the latest firmware and adjusted the setting to block IP calls, so the phones at least did not spontaneously ring any more. In spite of these steps, all of the phones were hacked to redirect calls to an international number.

I logged onto all the phones and turned off the forwarding, set new 50-character passwords, uploaded my backed-up config settings, checked the autoprovisioning (nothing there) and do not see any residual evidence of tampering. I also set my logging settings to level 6. But the next day one of my phones is again compromised. So perhaps there is a backdoor in the software.

I would like to take some security precautions, but am not sure how or whether they are currently possible:

1) I would like to remedy this by simply blocking all IP's except for my voip server and subnet. This should be straightforward on a linux based sytem like the Yealink phones (modify the /etc/hosts.allow file), but I can't find any information about how to do this. I found documentation on allow lists for action USIs but I suspect it is the web interface getting cracked.

2) I would like to use pubkey authentication for making changes to the phone settings rather than password access. Is something like this possible?

Thank you in advance for your help.
02-25-2016 12:14 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Messages In This Thread
Hacked phones: IP access control / pubkey auth? - jpoppenk - 02-25-2016 12:14 AM

Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  T46S/T46G show green icon (blf) although phones disconnected (Asterisk) jobst 0 252 09-16-2020 04:29 AM
Last Post: jobst
  Cannot access from Chrome gaz8080 2 1,066 01-28-2020 01:24 PM
Last Post: gaz8080
  Root access to a T46S or T48S Alith7 0 901 10-28-2019 05:25 PM
Last Post: Alith7
  Using a shared phonebook managed bij phones johandezwaan 1 1,558 09-30-2019 01:32 PM
Last Post: mara
Bug T41G WiFi cannot access web gui ufo 1 1,412 09-01-2019 05:13 PM
Last Post: Babylonia
  Yealink Wireless IP Phones RyanL 2 1,438 08-19-2019 03:03 PM
Last Post: jolouis
  T46G WiFi cannot access web gui SimpleCom 5 3,309 03-21-2019 04:39 AM
Last Post: SimpleCom
  Hide phones # on screen kcurtis 0 1,115 11-29-2018 09:00 PM
Last Post: kcurtis
  Two phones with identical settings (T48G and T48S)- only one connects to SIP server sani390 0 1,333 09-11-2018 01:24 PM
Last Post: sani390
  User Access Level bruno 1 1,574 07-18-2018 01:51 PM
Last Post: East_Yealink

Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication