Re: Webcall.ca cookbook (and concerns)

From: Scott Walde <scott_at_no.spam.please>
Date: Mon Dec 11 2006 - 15:00:11 CST

Steven Kurylo wrote:

>> 2 minutes of TFTPing config files with MAC addresses near mine suggest
>> "nothing." (I successfully pulled a file with someone's password...
>> haven't tried using it, and don't intend to, but I don't see any reason
>> why it wouldn't work.)
>
>
> So, what's stopping me, as a non-customer, from doing that as well?
>
Nothing. I hadn't meant to imply that you needed to be a customer. Of
course, having a starting point for the MAC addresses would help
immensely. (I started at one less than the address on my box.)

> Maybe I'll have time to poke at it this evening, but could I just TFTP
> files from them and then use that to make calls?
>
Yup. You just have to stumble on a working filename. (I hope it's
obvious already why I didn't publicly post my MAC address.)

> Are you going to try to phone them to complain? If I don't have to be
> a customer to get access, that's an even more extremely serious hole.
>
I sent an online Tech support request detailing the problem and
indicating that I considered it a very serious security concern, as it
could financially affect me, as my account automatically bills my CC for
toll usage.

By the way, Aastra at least has encrypted files for this exact purpose.
I'm sure it would be possible to reverse engineer the key from the
firmware, but at least it's 100x harder to do than cleartext. (I'm
configuring some Aastra SIP gear at the moment.)

ttyl
srw
Received on Mon Dec 11 14:59:27 2006
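
Added example (not part of the original message, and not Webcall.ca's or Aastra's code): a provisioning operator can spot the kind of filename guessing described above by checking TFTP read-request logs for a single client asking for several MAC-named config files, especially adjacent ones. The log line shape, the `.cfg` suffix, the thresholds and all sample addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed log shape: "... RRQ from <ip> filename <12-hex-digit MAC>.cfg"
RRQ = re.compile(r"RRQ from (?P<ip>\S+) filename (?P<mac>[0-9A-Fa-f]{12})\.cfg\b")

# Constructed sample log lines (documentation IPs, made-up MACs).
SAMPLE_LOG = """\
Dec 11 14:01:02 prov in.tftpd[311]: RRQ from 198.51.100.20 filename 020000000a10.cfg
Dec 11 14:01:40 prov in.tftpd[312]: RRQ from 203.0.113.7 filename 020000000a2f.cfg
Dec 11 14:01:41 prov in.tftpd[313]: RRQ from 203.0.113.7 filename 020000000a2e.cfg
Dec 11 14:01:43 prov in.tftpd[314]: RRQ from 203.0.113.7 filename 020000000a2d.cfg
Dec 11 14:01:44 prov in.tftpd[315]: RRQ from 203.0.113.7 filename 020000000a2c.cfg
Dec 11 14:02:10 prov in.tftpd[316]: RRQ from 198.51.100.20 filename 020000000a10.cfg
Dec 11 14:03:00 prov in.tftpd[317]: RRQ from 192.0.2.55 filename 020000000b01.cfg
Dec 11 14:03:05 prov in.tftpd[318]: RRQ from 192.0.2.55 filename 02000000c477.cfg
"""

def macs_by_client(log_text):
    """Map each client IP to the set of MACs (as integers) it requested."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = RRQ.search(line)
        if m:
            seen[m.group("ip")].add(int(m.group("mac"), 16))
    return seen

def longest_adjacent_run(macs):
    """Length of the longest run of numerically consecutive MAC values."""
    best = run = 0
    prev = None
    for mac in sorted(macs):
        run = run + 1 if prev is not None and mac == prev + 1 else 1
        best = max(best, run)
        prev = mac
    return best

def flag_enumeration(log_text, max_macs=2, min_run=3):
    """Flag clients that request more distinct MAC configs than a small site
    behind one NAT would (max_macs), or that walk adjacent addresses."""
    alerts = {}
    for ip, macs in macs_by_client(log_text).items():
        run = longest_adjacent_run(macs)
        if len(macs) > max_macs or run >= min_run:
            alerts[ip] = {"distinct_macs": len(macs), "adjacent_run": run}
    return alerts

if __name__ == "__main__":
    for ip, detail in flag_enumeration(SAMPLE_LOG).items():
        print(ip, detail)
```

Detection only narrows the window; the exposure itself remains as long as the files are served in cleartext to any requester.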
