Yealink security hole
-
Was checking Google to see if there was a way to telnet into a Yealink phone because I am having a hell of a time with the VPN config on a phone in Cabo.
Found this: http://blog.danielparnell.com/?p=217
Did a little digging and did not see any news on an update or fix.
-
A backdoor in a Chinese phone! Not really surprised.
-
Country of origin is not relevant.
The exact same thing is found in most embedded devices.
-
@JaredBusch said:
Country of origin is not relevant.
The exact same thing is found in most embedded devices.
That's because most embedded devices come from either China or the US. The exact two countries you would expect.
-
So could you break into the PBX from the phone using this backdoor?
-
@Dominica said:
So could you break into the PBX from the phone using this backdoor?
Not per se. But you would get access to the extension's credentials so you could do some damage. But only through the extension.
-
Ah, okay. So you could do things like hijack the extension and make a bunch of calls, but not break in and take over the whole system?
-
@Dominica exactly. And you would be struggling to even do that. If locked down the extension would be locked by IP range and the phone would hopefully be blocked from making its own external VPN connections. So it really would only be a gateway to other security flaws. On its own it should do very little.
