
Fun with VoIP devices

<<

sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Fri Apr 20, 2012 12:56 pm

Fun with VoIP devices

I was bored earlier in the week and was on a conference call, so I began messing around with the web interface of one of the conference phones I have. Lo and behold, stupidity ensued.

www.infiltrated.net/konftel/

Enjoy the 4-minute walkthrough. Sent the vendor a quick email, but alas fell on deaf ears. *shrugs* If you have to ask what can you do against this in a test environment, I suggest you read the PTES and OSSTMM documentation over and over again. Title explained the gist of it though.
<<

lorddicranius

Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Fri Apr 20, 2012 1:23 pm

Re: Fun with VoIP devices

Nicely done, and thx for the vid :)

What track is that playing during the vid?
GSEC, eCPPT, Sec+
<<

sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Fri Apr 20, 2012 1:29 pm

Re: Fun with VoIP devices

Vinny Paz "Death Messiah 2012"
<<

lorddicranius

Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Sat Apr 21, 2012 1:17 am

Re: Fun with VoIP devices

I'm going to have to check out more of this Vinny Paz, thanks!
GSEC, eCPPT, Sec+
<<

alucian

Full Member

Posts: 228

Joined: Mon Dec 29, 2008 2:01 pm

Location: Montreal, Canada

Post Sat Apr 21, 2012 8:32 am

Re: Fun with VoIP devices

Very interesting.

I imagine that because you already are the admin, you knew the profile, and all the other data sent when you authenticate as admin.

I hope that they'll fix it as soon as possible, but even if they provide a firmware upgrade, some users very rarely update their VoIP devices. For them they are black box devices they don't touch. I saw some SLAs where the vendor said that if the customer touches the device the warranty will be void. Probably a temporary bandage will be to put them in a separate VLAN, but this is tricky and, if not properly done, will create a false sense of protection.

Thanks for the video!
CISSP ISSAP, CISM/A, GWAPT, GCIH, GREM, GMOB, OSWP
<<

knwminus

Full Member

Posts: 100

Joined: Thu Feb 25, 2010 11:26 pm

Post Tue Apr 24, 2012 11:54 am

Re: Fun with VoIP devices

Nice track and nice video.
A+ N+ CCNA CCNA:S CNSS 4011 Security+

Next Up: CCNP CCNP:S
