[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.

Post Reply 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Hacked phones: IP access control / pubkey auth?
Author Message
jpoppenk Offline
Junior Member

Posts: 4
Joined: Feb 2016
Reputation: 0
Post: #5
RE: Hacked phones: IP access control / pubkey auth?
Dear readers, Yealink support was of no help at all in resolving my issue. Take this into account when deciding upon your next purchase. However, I tried a few things that seem to be working. Based on my experience, here is some advice to fellow users:

1) New Yealink phones appear to have security open by default. Make sure to not only set a strong password, block IP calls, and trust SIP only from the server for *every account*, but also to set action_uri_limit_ip to some value (like 0), even if you are not using action uri's or have no idea what that is. Otherwise the whole world can (and will) remote control your phone.

2) You need to have a server and learn how to autoprovision to make your phone work properly, because at the time of writing, essential security features (such as block IP call) are not accessible from the web interface of all Yealink phones.

3) If you get hacked, don't waste time trying to figure out what they changed. Just hold the OK button for 10 seconds to reset your phone to factory settings. This was the only way I was able to prevent my phones from reverting to their pwned state. I suspect the hackers installed files that influenced operation beyond what is visible in the web interface.

4) If you're unfamiliar with VOIP phones, people are trying to hack your phone all the time. Make sure you get your security locked down right away. Also, due to apparent security flaws in these phones, a seven-letter password was insufficient. A 50-character password seems to be holding for now.
03-02-2016 12:38 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 

Messages In This Thread
RE: Hacked phones: IP access control / pubkey auth? - jpoppenk - 03-02-2016 12:38 AM

Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Probem with Queues and ringing phones Saccara 0 380 11-30-2022 05:23 PM
Last Post: Saccara
  Phones crash using VM Impress1 1 1,610 03-29-2022 09:54 PM
Last Post: Yisroel_MongoTEL
  How to access web UI from different subnet? Jeremy17 0 1,244 03-02-2022 05:32 AM
Last Post: Jeremy17
  Need to completely reset phones Chris708 1 3,166 02-26-2021 03:58 AM
Last Post: Chris708
  T46S/T46G show green icon (blf) although phones disconnected (Asterisk) jobst 0 2,772 09-16-2020 04:29 AM
Last Post: jobst
  Cannot access from Chrome gaz8080 2 4,745 01-28-2020 01:24 PM
Last Post: gaz8080
  Root access to a T46S or T48S Alith7 0 3,061 10-28-2019 05:25 PM
Last Post: Alith7
  Using a shared phonebook managed bij phones johandezwaan 1 4,244 09-30-2019 01:32 PM
Last Post: mara
Bug T41G WiFi cannot access web gui ufo 1 4,637 09-01-2019 05:13 PM
Last Post: Babylonia
  Yealink Wireless IP Phones RyanL 2 5,447 08-19-2019 03:03 PM
Last Post: jolouis

Forum Jump:

User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication