
Has my OBI200 been hacked?

Started by SteveB, September 13, 2016, 03:17:52 PM


SteveB

Poking around this afternoon I looked at the GUI for my OBI200 and saw a ton of unchecked numbers AND two email addresses! One of those emails is "later.dude@gmail.com" and the other is "marcellorodriguez@skype.com", two email addresses likely fake and ones I've never seen before.

Here is a screenshot of my Speed Dials: https://steveborsch.com/files/OBI200_SpeedDials.jpg

No idea how any of the numbers, and especially those email addresses, got into my speed dials.

Did I get hacked?


Mango

I suggest you check to see if your OBi's internal web server is accessible: https://www.grc.com/ShieldsUP. You can run the "Common Ports" test. If port 80 is open, that is a serious problem.

General advice: never use DMZ or port forwarding to your OBi's IP address.

SteveB

Thanks for the reply, Mango.

Am a longtime listener to Steve Gibson & Leo Laporte on Security Now, so have used GRC's tests before. Just for grins (and in case something changed in the last couple of months) I went back and ran the Common Ports test as well as others. On Common Ports the TruStealth Analysis still shows all ports as stealth so my IP achieved another "perfect" TruStealth rating.

Also, I don't use Universal Plug and Play (UPnP) protocols on anything and intentionally don't use either single or range port forwarding.

I've also used Little Snitch (https://www.obdev.at/products/littlesnitch/index.html) for years and keep an eye on apps 'phoning home' to ensure I haven't inadvertently done something to compromise network security.

All that said, I don't know the VoIP space at all well but use Obi, Google Voice, and Telzio's service (https://telzio.com/) with Yealink wireless IP phones connected, so have been able to get everything up and running but just cannot figure out what's up with all of the numbers (and two email addresses) in my speed dial.

I am unable to remove all of them either, regardless of what I do. My gut tells me that there was a hack and that these were inserted in "User Settings > Speed Dials" in order to use my Obi200 as some sort of call relay.

SteveB

Was able to remove all data so all is good. I'll keep an eye on it. This might have occurred while changing out a bad router last month, so I used an older Apple AirPort Extreme for two weeks.