Safety and security of OBiTalk

Started by Jon9999, July 21, 2013, 09:01:06 PM


Jon9999

I'm interested in knowing whether there have been (or are) any security concerns about OBiTalk. It would seem to me that if someone were to hack into OBiTalk, he could get access to an OBi device and remotely reconfigure it to make phone calls using the victim's SIP, GV, or PSTN account -- or worse.

Have there been any incidents?

Has there been any talk of heightening security on the OBiTalk system, for example by providing 2-factor authentication instead of simple userid/password signin, or at least by using HTTPS instead of HTTP?

Is there a way to turn off remote OBiTalk administration of my OBi device, should I choose to do so, and just use the local web interface for administration tasks?

Thanks!

Rick

Discussed numerous times on the forum.

Find the IP address of your device, either by looking in your router's info or by dialing ***1.

Go to the web interface via the address and log in.

Under Voice Services, OBiTalk Service, uncheck the Default box next to Enable, then uncheck the box in the Value column.  Click Submit at the bottom of the page, then reboot.


Jon9999

Thanks, Rick. Can you please point me to one or more of the numerous posts on the forum about security? I tried searching on that word (and on "hacked," "hacking," "safe," and "breach") but couldn't find the relevant posts among the many results.


Rick

Sorry, numerous discussions about turning off OBiTalk and just using the web interface, per the instructions I provided.

Jon9999

Ah, thanks.

If anyone has any comments about or can point me to a discussion on the risks of OBiTalk security or otherwise being hacked through the OBi's connection to the internet, please add to this thread. I'd be particularly interested in thoughts on the use of HTTP instead of HTTPS for the OBiTalk web interface and the absence of 2-factor authentication.

Shale

If you go to the Login page, and view the source, you will see that HTTPS is being used for the login info including the password.

Jon9999

Yeah, I was talking about everything else.  There's still some sensitive information on the other pages, like the aa PIN number, that should probably not really be sent in the clear.

carl

I never heard about any serious OBi security issues, like hacking with a financial loss as a result. As a general precaution, I disabled all automatic refills with my providers, do not keep more than $10 in my accounts and use very strong passwords. So far, so good.