[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.

Post Reply 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Hacked phones: IP access control / pubkey auth?
Author Message
Bryan Nelson Offline

Posts: 71
Joined: Feb 2013
Reputation: 0
Post: #9
RE: Hacked phones: IP access control / pubkey auth?
In my experience, this happens to all models of phones that have a web interface that is left exposed to the open internet. I have had to disable the web interface on many a Polycom phone for this same reason.

The primary cause is that the phone is not behind a firewall that would automatically block the web interface from anywhere but your LAN. While there is surely a way to break the security on the web interface of these phones that should not exist, I can't really expect Yealink and Polycom to keep up with hackers, particularly when they cannot push security updates like traditional desktop operating systems. They must depend on the customer to manually update the firmware, and this must be phased out after testing for larger deployments.

A proper firewall will also block the Ghost calls with no need for the phone to do anything. Router\firewalls that have full cone NAT are the reason random IP's are able to intercept the port you are registered to your Voip provider on.


All that being said, I took a look at the log you attached, and these may provide a hint to what the problem may be. I don't know much about http security, but this appears that it may be part of a SSL downgrade exploit.

2016-02-24 11:49:41: (connections.c.305) SSL: 1 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2016-02-24 11:49:42: (connections.c.305) SSL: 1 error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number
2016-02-24 11:49:55: (connections.c.305) SSL: 1 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
2016-02-24 11:49:56: (connections.c.305) SSL: 1 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
03-12-2016 01:50 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 

Messages In This Thread
RE: Hacked phones: IP access control / pubkey auth? - Bryan Nelson - 03-12-2016 01:50 AM

Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Probem with Queues and ringing phones Saccara 0 1,024 11-30-2022 05:23 PM
Last Post: Saccara
  Phones crash using VM Impress1 1 2,583 03-29-2022 09:54 PM
Last Post: Yisroel_MongoTEL
  How to access web UI from different subnet? Jeremy17 0 2,114 03-02-2022 05:32 AM
Last Post: Jeremy17
  Need to completely reset phones Chris708 1 4,006 02-26-2021 03:58 AM
Last Post: Chris708
  T46S/T46G show green icon (blf) although phones disconnected (Asterisk) jobst 0 3,447 09-16-2020 04:29 AM
Last Post: jobst
  Cannot access from Chrome gaz8080 2 5,909 01-28-2020 01:24 PM
Last Post: gaz8080
  Root access to a T46S or T48S Alith7 0 3,759 10-28-2019 05:25 PM
Last Post: Alith7
  Using a shared phonebook managed bij phones johandezwaan 1 5,015 09-30-2019 01:32 PM
Last Post: mara
Bug T41G WiFi cannot access web gui ufo 1 5,664 09-01-2019 05:13 PM
Last Post: Babylonia
  Yealink Wireless IP Phones RyanL 2 6,650 08-19-2019 03:03 PM
Last Post: jolouis

Forum Jump:

User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication