Safety and security of OBiTalk
Jon9999:
I'm interested in knowing whether there have been (or are) any security concerns about OBiTalk. It would seem to me that if someone were to hack into OBiTalk, he could get access to an OBi device and remotely reconfigure it to make phone calls using the victim's SIP, GV, or PSTN account -- or worse.
Have there been any incidents?
Has there been any talk of heightening security on the OBiTalk system, for example by providing 2-factor authentication instead of simple userid/password signin, or at least by using HTTPS instead of HTTP?
Is there a way to turn off remote OBiTalk administration of my OBi device, should I choose to do so, and just use the local web interface for administration tasks?
Thanks!
Rick:
Discussed numerous times on the forum.
Find the IP address of your device, either by looking in your router's info or by dialing ***1.
Go to the web interface via the address and log in.
Under Voice Services, OBiTalk Service, uncheck the Default box next to Enable, then uncheck the box in the Value column. Click Submit at the bottom of the page, then reboot.
Jon9999:
Thanks, Rick. Can you please point me to one or more of the numerous posts on the forum about security? I tried searching on that word (and on "hacked," "hacking," "safe," and "breach") but couldn't find the relevant posts among the many results.
Rick:
Sorry, numerous discussions about turning off OBiTalk and just using the web interface, per the instructions I provided.
Jon9999:
Ah, thanks.
If anyone has any comments about or can point me to a discussion on the risks of OBiTalk security or otherwise being hacked through the OBi's connection to the internet, please add to this thread. I'd be particularly interested in thoughts on the use of HTTP instead of HTTPS for the OBiTalk web interface and the absence of 2-factor authentication.
Navigation
[0] Message Index
[#] Next page