Fun with VoIP devices

Viewing 5 reply threads
  • Author
    Posts
    • #7532
      sil
      Participant

      I was bored earlier in the week and was on a conference call so I began messing around with the web interface of one of the conference phones I have. Lo and behold, stupidity ensued

      http://www.infiltrated.net/konftel/

      Enjoy the 4 minute walkthrough. Sent the vendor a quick email, but alas fell on deaf ears. *shrugs* If you have to ask what can you do against this in a test environment, I suggest you read the PTES and OSSTMM documentation over and over again. Title explained the gist of it though

    • #47047
      lorddicranius
      Participant

      Nicely done, and thx for the vid 🙂

      What track is that playing during the vid?

    • #47048
      sil
      Participant

      Vinny Paz “Death Messiah 2012”

    • #47049
      lorddicranius
      Participant

      I’m going to have to check out more of this Vinny Paz, thanks!

    • #47050
      alucian
      Participant

      Very interesting.

      I imagine that because you already are the admin, you knew the profile, and all the other data sent when you authenticate as admin.

      I hope that they’ll fix it as soon as possible, but event if they’ll provide a firmware upgrade, some users very rarely are updating their VoIP devices. For them they are Black Box devices they don’t touch. I saw some SLAs where the vendor said that if the customer will touch the device the warranty will be void. Probably a temporary bandage will be to put them in a separate VLAN, but this is tricky and if not properly done will create a false sense of protection.

      Thanks for the video!

    • #47051
      knwminus
      Participant

      Nice track and nice video.

Viewing 5 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?