Obihai is deleting unwanted topics

(1/19) > >>

Dan_voip:
Earlier was a topic about OBi devices who got the new firmware despite the fact the firmware update was disabled.
http://www.obitalk.com/forum/index.php?topic=3225.0
Now is gone and I'm disappointed by Obihai.

crazyk4952:
I can say with certainty that I will no longer purchase another OBi product and I will no longer recommend people purchase them.

OBi you have lost my trust. Why did you build a backdoor into your product? And why are you trying to hide that fact?

Ostracus:
Mmmm, I'm not certain it's "hidden". It's practically implied with the partner provisioning guide and the Obiplus program.

jimates:
Quote from: crazyk4952 on May 09, 2012, 07:48:12 pm

I can say with certainty that I will no longer purchase another OBi product and I will no longer recommend people purchase them.

OBi you have lost my trust. Why did you build a backdoor into your product? And why are you trying to hide that fact?

We've always known it was there.

whee:
Quote from: Ostracus on May 09, 2012, 08:10:46 pm

Mmmm, I'm not certain it's "hidden". It's practically implied with the partner provisioning guide and the Obiplus program.


Sort of. If you register your device and start configuring it through the dashboard, it's pretty obvious they are doing something to control it remotely. But given it's you configuring it, it's implied you're okay with that.

When your device isn't registered with their dashboard and you have explicitly disabled all provisioning on the device and they still have control and push updates, that is worrying.

Even if we assume each device is uniquely keyed and all communications between Obihai and the device is encrypted, you are unknowingly hosting an attack vector. If Obihai is compromised, there is nothing stopping custom firmware being uploaded to all devices and acting as a botnet. Or sniffing your SIP traffic and shuffling it off somewhere. Or anything, really.

I think remote control is a fantastic feature for supporting less technical customers, but it should have some semblance of being under your control. Make me answer the phone and enter a PIN before a remote user gains access -- even if they really still have control but are doing it to make you feel better.

As it stands, I can't trust my OBi110 will always work. I know it's configured correctly. I know it's working right now. I know I disabled every automatic thing I could. It still may be updated without my knowledge, introduce a bug, and break when I need it.

The more technical-minded of us may have always understood it was "backdoored," but fiddling with configuration without your consent is disturbing.

Navigation

[0] Message Index

[#] Next page