Obi/Google Voice disconnecting overnight
cyclops:
Quote from: SteveInWA on May 18, 2016, 07:09:05 pm
Quote from: cyclops on May 18, 2016, 07:03:42 pm
Quote from: SteveInWA on May 18, 2016, 06:29:52 pm
Quote from: cyclops on May 18, 2016, 06:27:10 pm
Quote from: Mango on May 18, 2016, 06:17:16 pm
Once again, I'm reminded of why I still use 1.3.0 (Build: 2824) and only ever configure my device locally.
My Google Voice and SIP services continue to operate, trouble-free.
Double that. Even I'm still on that version without any issues. There is no way it will auto-upgrade, right?
You're a fool. That's a security exposure. Just update the firmware and get on with life.
What do you mean by security exposure? Any links to refer?
Your device's downlevel firmware still contains your Google account's user ID and password, and it's directly logging into your Google Voice account. This method was banned by Google back in 2013, and was the reason that Obihai had to stop supporting Google Voice until they updated their firmware to comply with Google's security requirements.
The current firmware uses the OAUTH 2.0 protocol to exchange secure tokens with Google, which only grants permission to certain limited services on your account -- in this case, Google Chat. The OBiTALK web portal and the OBi devices never store your Google login credentials.
There is no legitimate reason to continue using the old login method.
Okay. I got it. Better to upgrade it but probably I will leave it as is for now because of this issue people are facing. Or is it resolved with the 2866 firmware?
Also, the google account I use with obi exists just for making calls, so not a big deal for me. ;D
SteveInWA:
Quote from: cyclops on May 18, 2016, 07:15:56 pm
Quote from: SteveInWA on May 18, 2016, 07:09:05 pm
Quote from: cyclops on May 18, 2016, 07:03:42 pm
Quote from: SteveInWA on May 18, 2016, 06:29:52 pm
Quote from: cyclops on May 18, 2016, 06:27:10 pm
Quote from: Mango on May 18, 2016, 06:17:16 pm
Once again, I'm reminded of why I still use 1.3.0 (Build: 2824) and only ever configure my device locally.
My Google Voice and SIP services continue to operate, trouble-free.
Double that. Even I'm still on that version without any issues. There is no way it will auto-upgrade, right?
You're a fool. That's a security exposure. Just update the firmware and get on with life.
What do you mean by security exposure? Any links to refer?
Your device's downlevel firmware still contains your Google account's user ID and password, and it's directly logging into your Google Voice account. This method was banned by Google back in 2013, and was the reason that Obihai had to stop supporting Google Voice until they updated their firmware to comply with Google's security requirements.
The current firmware uses the OAUTH 2.0 protocol to exchange secure tokens with Google, which only grants permission to certain limited services on your account -- in this case, Google Chat. The OBiTALK web portal and the OBi devices never store your Google login credentials.
There is no legitimate reason to continue using the old login method.
Okay. I got it. Better to upgrade it but probably I will leave it as is for now because of this issue people are facing. Or is it resolved with the 2866 firmware?
Also, the google account I use with obi exists just for making calls, so not a big deal for me. ;D
Today's firmware update resolved the issue.
Mango:
Quote from: cyclops on May 18, 2016, 06:27:10 pm
There is no way it will auto-upgrade, right?
It can auto-upgrade, if you have Auto Firmware Upgrade, ITSP Provisioning, OBiTalk Provisioning, or OBiTALK Service enabled. Even with those disabled, it will auto-upgrade if you deal **5 (you can disable this with the DigitMap if you wish.)
Since it has not auto-upgraded by this point, you most likely have the above set already.
Quote from: cyclops on May 18, 2016, 07:03:42 pm
What do you mean by security exposure? Any links to refer?
Google got its panties in a bunch about Obihai having access to thousands of OBi users' Google passwords via OBiTALK, so told Obihai they had to start using OAuth2. If you have pre-OAuth2 firmware, there's no risk to using it, as you can't configure it with OBiTALK any more.
Quote from: SteveInWA on May 18, 2016, 07:09:05 pm
This method was banned by Google back in 2013,
Password authentication wasn't banned at all. I've been using it since I bought my first 110 in 2011 and continue to use it today. There's nothing wrong with password authentication - as long as your password isn't stored in the cloud. Remember that 99.99% of consumer or SoHo-grade SIP devices use password authentication. If you have a reason why a Google Voice password stored on my device is less secure than a SIP password stored on my device, let's hear it.
Quote from: SteveInWA on May 18, 2016, 07:09:05 pm
There is no legitimate reason to continue using the old login method.
The following quote from one of the other threads seems like a pretty legitimate reason:
Quote from: radleresq on May 17, 2016, 04:44:06 pm
I had to make a call- I'm in a very rural US area, so had to drive to someplace with cell coverage-
SteveInWA:
You know darn well what I meant by "banned". Google deprecated this method over two years ago, and required Obihai and other companies using it to stop doing so and change their authentication method. Let's not play games here. If you want to set up a sandboxed Google account that is only used for Google Chat, and no other Google services, that's your business, but don't advocate to the general user population that they continue to use this method.
Mango:
You didn't answer my question. Actually, I didn't phrase it like a question, so let me do so:
Why is a Google Voice password stored on my device any less secure than a SIP password, and what specific risk do I assume by using password authentication?
Navigation
[0] Message Index
[#] Next page
[*] Previous page