Obi508 Hacked
SteveInWA:
Wow, sorry to hear about this.
Just following up on my comment and your subsequent question about GV security:
I assume that you've updated your OBis to their latest firmware level. Since none of us have a 508, we can't look for you, but according to this forum's firmware section, the latest build is 4764 from June 2015. The build level and release note information in that section are poorly maintained, so I suggest contacting Obihai about your issue in general, to see if they have any ideas.
Using the 2015 or newer firmware, access to one's Google Voice account no longer stores your Google account password on the device. Instead, during the process of you provisioning GV on an OBi, via the OBiTALK web portal, OBiTALK will use the OAUTH 2.0 protocol to securely request and, with your approval, obtain a secure access token for the Google Chat service used by OBi devices.
I am not a security expert, so I don't know if the attacker is using your GV account(s). I doubt it. But, as we've been discussing, a shotgun, pre-emptive change of all passwords would be a good idea.
If you can, I would delete all of the Google Voice SP configs on your OBi(s). Then, log into your Google accounts and go here: https://security.google.com/settings/security/permissions?pli=1
Find and click on, and then delete, all the permissions that have the tiny OBiTALK logo to the left, e.g. "Google Voice". Delete any permissions for apps you don't use or don't recognize.
This will delete the OAUTH 2.0 permission that had been granted for OBiTALK.
Change your Google account passwords to new, unique (not used on any other website) passwords.
There are also two potentially different passwords for OBi stuff: when you sign into your OBiTALK dashboard account, you either use a user ID and password you created specifically for OBiTALK, or you use your Google account password, again, via OAUTH. Figure out which method you are using, and change the password accordingly. Then, each OBi device has an admin password. If you haven't changed those, do so now.
SteveInWA:
This is off-topic and probably not your issue, but I re-read the discussion thread, and noticed:
Quote
Using Verizon FiOS Router/Modem M1424WR
I've been a FiOS customer since day 1 of availability here. I was originally given one of those routers. Actiontec made several revisions of the device, so my experience with the 1st gen could be different than yours. The router had confusing and unusual configuration menus and poor performance. I got rid of it years ago, and I have upgraded routers several times since then, all Linksys consumer routers. I now use a current-generation Linksys router with AC1900 WiFi.
Verizon (well, now Frontier) doesn't care what router you use, although their tech support may whine a bit if you call in a problem, since they like to remote into the Actiontec routers for problem determination. Your FiOS ONT (Optical Network Terminal) creates the fiber<-->Ethernet bridge, and whatever router is plugged into it will obtain the DHCP lease from the host. There's nothing special or magic about needing to use that old Actiontec router, and I have no idea if it has any security vulnerabilities. The fact that you cascaded another router downstream of the Actiontec should mitigate that, but you really don't need two routers.
sp508:
Okay they got me again! I am attaching a log of the local settings. Somehow they got and changed the same four: SP!-SP4.
Again the light on my line 1 (phone number ending ...515, now SP9) was on. Even though SP9 was not effected. When I broke into and confeenced the line there was beeping. The beeping was not like a fax machine just tones.
The log contains SP1-4 wich were hit and then SP( which was not hit and SP5,6,7,8 are the same.
PLEASE HELP.
Called OBi and 'they will get back to me.' I have been waiting for two weeks for any kind of real help from them.
Ostracus:
Quote from: Taoman on March 06, 2016, 11:04:26 pm
Quote from: sp508 on March 06, 2016, 08:22:14 pm
Do you have any idea of how they get into the OBi in the first place?
I would assume sip scanners found your OBi device on port 5060. They then dialed your device via anonymous ip in order to send a star code to enable unconditional call forwarding along with the desired number. At least that's my best guess. The two configuration changes you made should nip that in the bud.
My reading of the manual indicates star codes can only be entered via the PHONE port.
sp508:
They are continuously hacking SP1, SP2, SP3 and SP4.
They seem to be able to do it at will.
It most definitely has something to do with them calling in. But I don't know how they do it.
I have a PBX which after a certain number of rings picks up the call.
But they [seem to be able to light up the light on the PBX without the phone ringing. I am not positive about that but pretty sure. I don't know how they do that.
Navigation
[0] Message Index
[#] Next page
[*] Previous page