Obi508 Hacked
LTN1:
Your problem is with your PBX system, not the OBi.
If your PBX system allows for remote configuration (that is, calling in from an outside line), then an outside caller, with the master password can technically call in and reactivate the call bridging/forwarding feature that you have on your PBX system.
The caller will unlikely be able to remotely reconfigure your OBi device by keypad alone. It will require hacking into your online OBiTalk dashboard also.
The bottom line is, you have a problem with the security of your PBX. It is not related to the OBi, except once your PBX has been hacked, it uses the OBi lines to call out. If you can stop any remote configuration changes to your PBX, that would likely solve your immediate problem.
If you can't secure your PBX, then it is time to get another PBX with better security features.
sp508:
I put passwords on all PBX extensions. I disabled outside CO lines on the PBX. So I believe the PBX is secured now.
Still don't know how he did all the programming on OBi local. Any clues?? I assume he could do *72, but does that get migrate to the local Obi settings???
Apparently, he is a known hacker http://whocallsme.com/Phone-Number.aspx/2392344378
I wonder if I should report to the FBI.
LTN1:
Quote from: sp508 on March 13, 2016, 12:38:55 pm
I put passwords on all PBX extensions. I disabled outside CO lines on the PBX. So I believe the PBX is secured now.
Still don't know how he did all the programming on OBi local. Any clues?? I assume he could do *72, but does that get migrate to the local Obi settings???
Apparently, he is a known hacker http://whocallsme.com/Phone-Number.aspx/2392344378
I wonder if I should report to the FBI.
I don't have the 508 but part of the advertising says:
Software Feature Highlights:
Call Signaling for Up to 8 SIP-Based Voice Services: SIP (UDP/TCP/TLS)
OBiTALK Calling: Allows for Voice Communications Between OBi Devices and Smart Phone Apps
VoIP Codecs Supported: G.711, G.726, G.729, G.722, iLBC
Fax Over IP: T.38 Real-Time Fax over IP, G.711 Transparent Fax (Automatic)
Obihai Call Routing and Bridging Technology: Allows for Full-matrix Switching Amongst Available Services (VoIP, Land Line or Mobile Phone) and/or Ports
Secure Provisioning and Management via the OBiTALK Cloud or via TFTP, HTTP/S or via Integral Web Page
Globally Localizable: Allows for Country-Specific Dialing, Ringing, In-call Tones and PSTN (FXO) Interoperability - Requires OBiLINE USB to FXO Adapter(s)
You can additionally disable all of the call forwarding/bridging capabilities of the OBi508vs.
I think what I am seeing here is the headache of using lower end PBX systems, including the OBi508vs. They're just not designed to be user friendly in warding off a sophisticated hacker. It's not what you want to hear but I want to bring this point up so you don't fully blame Obihai or your lower end analog PBX system for everything the hacker is doing. There's a reason why businesses spend tens of thousands of dollars on security devices and software--and a $400 device isn't going to be up to par with the higher end ones.
LTN1:
Here's a sample configuration page in my PBX that allows for limited access and PIN security for any outbound calls. It has many features, including the ability to easily stop any call bridging/forwarding with a check or uncheck.
Since it is a hybrid PBX, it even allows for the OBi202 to be connected to some of its analog phone lines. Say you have a two OBi202 lines connected, all incoming and outgoing calls will be handled by the PBX. The only purpose for the OBi202 is to provide telephone lines. Security is regulated at the PBX level.
The system that we have employs a number of redundant features. It includes landlines that won't go down in case of a long-term power failure. It employs pure VoIP lines like CallCentric, Localphone, etc. It even has GV lines through the OBi device--which is useful for its T.38 feature.
The system (not phones), when purchased new, was only $1500. It has 4 analog lines and 8 SIP trunks (for VoIP lines)--for a total of 12 concurrent lines. I have an extra identical system as a backup or to act as a daisy chain if we needed more lines--but that is unlikely since for our small office, 12 lines is more than enough. Out of that 12 lines, we can program up to 70 extensions either locally or remotely. For example, in your camp situation, you can actually operate using one system at the main office and just set up VoIP extension phones connected to the camp's LAN and it will be exactly like an extension phone at the main office hundreds of miles away.
Consider upgrading if your system isn't secure or easy to use.
sp508:
So far so good. ever since I password protected the voice mail extensions and disabled the VM ports from being to make outgoing calls (hence having access to the OBi ports) the hacker has not attacked.
i sent a request to OBi tech support asking how to disable 'Bridging' but have not gotten a response.
To LTN1. My analog system has 24 CO lines and appx 90 extensions along with integrated Voice Mail. I am loath to switch - unless, of course, I have to.
I would love to have a brand new VOip system, but my understanding is that I would need an CAT5 connection to each phone. My extensions are spread out over 60 acres and rewiring would cost $20,000+.
Navigation
[0] Message Index
[#] Next page
[*] Previous page