[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.
https://www.yealink.com/ydmp-freetrial-2020


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Hacked phones: IP access control / pubkey auth?
Author Message
jpoppenk Offline
Junior Member
**

Posts: 4
Joined: Feb 2016
Reputation: 0
Post: #5
RE: Hacked phones: IP access control / pubkey auth?
Dear readers, Yealink support was of no help at all in resolving my issue. Take this into account when deciding upon your next purchase. However, I tried a few things that seem to be working. Based on my experience, here is some advice to fellow users:

1) New Yealink phones appear to have security open by default. Make sure to not only set a strong password, block IP calls, and trust SIP only from the server for *every account*, but also to set action_uri_limit_ip to some value (like 0), even if you are not using action uri's or have no idea what that is. Otherwise the whole world can (and will) remote control your phone.

2) You need to have a server and learn how to autoprovision to make your phone work properly, because at the time of writing, essential security features (such as block IP call) are not accessible from the web interface of all Yealink phones.

3) If you get hacked, don't waste time trying to figure out what they changed. Just hold the OK button for 10 seconds to reset your phone to factory settings. This was the only way I was able to prevent my phones from reverting to their pwned state. I suspect the hackers installed files that influenced operation beyond what is visible in the web interface.

4) If you're unfamiliar with VOIP phones, people are trying to hack your phone all the time. Make sure you get your security locked down right away. Also, due to apparent security flaws in these phones, a seven-letter password was insufficient. A 50-character password seems to be holding for now.
03-02-2016 12:38 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Messages In This Thread
RE: Hacked phones: IP access control / pubkey auth? - jpoppenk - 03-02-2016 12:38 AM

Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Need to completely reset phones Chris708 1 1,283 02-26-2021 03:58 AM
Last Post: Chris708
  T46S/T46G show green icon (blf) although phones disconnected (Asterisk) jobst 0 1,345 09-16-2020 04:29 AM
Last Post: jobst
  Cannot access from Chrome gaz8080 2 2,449 01-28-2020 01:24 PM
Last Post: gaz8080
  Root access to a T46S or T48S Alith7 0 1,757 10-28-2019 05:25 PM
Last Post: Alith7
  Using a shared phonebook managed bij phones johandezwaan 1 2,605 09-30-2019 01:32 PM
Last Post: mara
Bug T41G WiFi cannot access web gui ufo 1 2,635 09-01-2019 05:13 PM
Last Post: Babylonia
  Yealink Wireless IP Phones RyanL 2 2,910 08-19-2019 03:03 PM
Last Post: jolouis
  T46G WiFi cannot access web gui SimpleCom 5 5,720 03-21-2019 04:39 AM
Last Post: SimpleCom
  Hide phones # on screen kcurtis 0 1,905 11-29-2018 09:00 PM
Last Post: kcurtis
  Two phones with identical settings (T48G and T48S)- only one connects to SIP server sani390 0 2,215 09-11-2018 01:24 PM
Last Post: sani390

Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication