|
Title: Fun with VoIP devices Post by: sil on April 20, 2012, 12:56:37 PM I was bored earlier in the week and was on a conference call so I began messing around with the web interface of one of the conference phones I have. Lo and behold, stupidity ensued www.infiltrated.net/konftel/ (http://www.infiltrated.net/konftel/) Enjoy the 4 minute walkthrough. Sent the vendor a quick email, but alas fell on deaf ears. *shrugs* If you have to ask what can you do against this in a test environment, I suggest you read the PTES and OSSTMM documentation over and over again. Title explained the gist of it though Title: Re: Fun with VoIP devices Post by: lorddicranius on April 20, 2012, 01:23:35 PM Nicely done, and thx for the vid :)
What track is that playing during the vid? Title: Re: Fun with VoIP devices Post by: sil on April 20, 2012, 01:29:11 PM Vinny Paz "Death Messiah 2012"
Title: Re: Fun with VoIP devices Post by: lorddicranius on April 21, 2012, 01:17:15 AM I'm going to have to check out more of this Vinny Paz, thanks!
Title: Re: Fun with VoIP devices Post by: alucian on April 21, 2012, 08:32:06 AM Very interesting.
I imagine that because you already are the admin, you knew the profile, and all the other data sent when you authenticate as admin. I hope that they'll fix it as soon as possible, but event if they'll provide a firmware upgrade, some users very rarely are updating their VoIP devices. For them they are Black Box devices they don't touch. I saw some SLAs where the vendor said that if the customer will touch the device the warranty will be void. Probably a temporary bandage will be to put them in a separate VLAN, but this is tricky and if not properly done will create a false sense of protection. Thanks for the video! Title: Re: Fun with VoIP devices Post by: knwminus on April 24, 2012, 11:54:25 AM Nice track and nice video.
Powered by SMF 1.1.18 |
SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com |