[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.
https://www.yealink.com/ydmp-freetrial-2020


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Hacked phones: IP access control / pubkey auth?
Author Message
Bryan Nelson Offline
Member
***

Posts: 71
Joined: Feb 2013
Reputation: 0
Post: #9
RE: Hacked phones: IP access control / pubkey auth?
In my experience, this happens to all models of phones that have a web interface that is left exposed to the open internet. I have had to disable the web interface on many a Polycom phone for this same reason.

The primary cause is that the phone is not behind a firewall that would automatically block the web interface from anywhere but your LAN. While there is surely a way to break the security on the web interface of these phones that should not exist, I can't really expect Yealink and Polycom to keep up with hackers, particularly when they cannot push security updates like traditional desktop operating systems. They must depend on the customer to manually update the firmware, and this must be phased out after testing for larger deployments.

A proper firewall will also block the Ghost calls with no need for the phone to do anything. Router\firewalls that have full cone NAT are the reason random IP's are able to intercept the port you are registered to your Voip provider on.

https://en.wikipedia.org/wiki/Network_ad...ranslation

All that being said, I took a look at the log you attached, and these may provide a hint to what the problem may be. I don't know much about http security, but this appears that it may be part of a SSL downgrade exploit.

2016-02-24 11:49:41: (connections.c.305) SSL: 1 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2016-02-24 11:49:42: (connections.c.305) SSL: 1 error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number
2016-02-24 11:49:55: (connections.c.305) SSL: 1 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
2016-02-24 11:49:56: (connections.c.305) SSL: 1 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
03-12-2016 01:50 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Messages In This Thread
RE: Hacked phones: IP access control / pubkey auth? - Bryan Nelson - 03-12-2016 01:50 AM

Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  T46S/T46G show green icon (blf) although phones disconnected (Asterisk) jobst 0 262 09-16-2020 04:29 AM
Last Post: jobst
  Cannot access from Chrome gaz8080 2 1,078 01-28-2020 01:24 PM
Last Post: gaz8080
  Root access to a T46S or T48S Alith7 0 911 10-28-2019 05:25 PM
Last Post: Alith7
  Using a shared phonebook managed bij phones johandezwaan 1 1,562 09-30-2019 01:32 PM
Last Post: mara
Bug T41G WiFi cannot access web gui ufo 1 1,425 09-01-2019 05:13 PM
Last Post: Babylonia
  Yealink Wireless IP Phones RyanL 2 1,451 08-19-2019 03:03 PM
Last Post: jolouis
  T46G WiFi cannot access web gui SimpleCom 5 3,338 03-21-2019 04:39 AM
Last Post: SimpleCom
  Hide phones # on screen kcurtis 0 1,121 11-29-2018 09:00 PM
Last Post: kcurtis
  Two phones with identical settings (T48G and T48S)- only one connects to SIP server sani390 0 1,341 09-11-2018 01:24 PM
Last Post: sani390
  User Access Level bruno 1 1,583 07-18-2018 01:51 PM
Last Post: East_Yealink

Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication