Obi508 Hacked
LTN1:
Quote from: sp508 on March 07, 2016, 06:19:30 pm
They are continuously hacking SP1, SP2, SP3 and SP4.
They seem to be able to do it at will.
It most definitely has something to do with them calling in. But I don't know how they do it.
I have a PBX which after a certain number of rings picks up the call.
But they seem to be able to light up the light on the PBX without the phone ringing. I am not positive about that but pretty sure. I don't know how they do that.
Regardless of whether there is a security defect in the OBi508vs device or not, I doubt that you will get the support that you need here. If you are determined to continue to use your 508, a high tech security consultant would be helpful. The problem is that the fee charged would likely far exceed your 508.
Would you consider going to a more secure system like this: https://www.corporatearmor.com/documents/talkswitch_datasheet.pdf (or equivalent, regardless of product manufacturer)?
Taoman:
Quote from: sp508 on March 07, 2016, 07:40:14 am
I did this. I reset the OBi, went off site and used a computer that didn't belong to me. I started from scratch with a new OBiTalk account and ALSO put the OBi behind its own router. The hacker still got in. I think that points to a weakness in the OBi, not a keystroke logger, correct?
Given that you say you've done all the above in addition to the configuration changes I suggested I am at a loss. Unless there is a "feature" or defect in the OBi508 I'm unaware of I just don't see how this could be an external hack. I'm no network guru but it seems like they are accessing your OBi device from your internal network. But that's just a guess.
Edit: I guess I missed the PBX part. How is your PBX connected to the OBi and the outside world? Continuing on my guess, could they be hacking your PBX to get to your OBi?
What exactly has Obihai support said to you? Have they asked you to set up a syslog?
Taoman:
Quote from: Ostracus on March 07, 2016, 06:12:09 pm
Quote from: Taoman on March 06, 2016, 11:04:26 pm
Quote from: sp508 on March 06, 2016, 08:22:14 pm
Do you have any idea of how they get into the OBi in the first place?
I would assume SIP scanners found your OBi device on port 5060. They then dialed your device via anonymous IP in order to send a star code to enable unconditional call forwarding along with the desired number. At least that's my best guess. The two configuration changes you made should nip that in the bud.
My reading of the manual indicates star codes can only be entered via the PHONE port.
Seems logical. Just didn't know if things might be different with the 508.
Taoman:
Quote from: LTN1 on March 07, 2016, 06:40:30 pm
Regardless of whether there is a security defect in the OBi508vs device or not, I doubt that you will get the support that you need here. If you are determined to continue to use your 508, a high tech security consultant would be helpful. The problem is that the fee charged would likely far exceed your 508.
You may very well be correct. I would hope there will be more help from Obihai support forthcoming.
Edit: I'm going to reach out to a couple of top-notch VoIP troubleshooters and see if they'd be willing to take a look at this thread and perhaps offer a suggestion. It's certainly over my head.
sp508:
Thanks for all your help! Really.
OBi has done almost nothing. No, no syslog. They do not respond to support tickets (perhaps once or twice with very curt and lame suggestions). They did not try to 'harden' the OBi the way you suggested. When I call they want me to get off the phone.
I called again today and demanded some attention and help. I sent them an entire log of what was going on but so far no response.
Re PBX: The PBX CO lines are connected to the OBi. The PBX has NO connection to the outside world other than the CO lines going to the OBi and electric power. So a call would have to go through the OBi to ring on the PBX. Don't see how they could hack the PBX. When you hit * on a voicemail, the voicemail hangs up on you.
Perhaps they are in my network with a virus. But if so they are accomplishing nothing. Long distance calls are disabled at PP. As I mentioned, I did extensive virus scanning. I set up a new OBi at a different location with a friend's computer and still they got in.
It really seems that the only thing that stayed the same in the whole process is the phone number that is being hacked called and SP1-4 being changed.