w3 0wn ur f0n3

eweek.com reports that security researchers (read: hackers) at @stake have discovered many serious security flaws in one of the most popular brands of voice-over-IP phones, Pingtel's xpressa SIP PX-1. Among the flaws: shipping the phones without an administrative password (then allowing the password to be set remotely!), transmitting login information in cleartext, and lacking support for HTTPS. Once you 0wn the phone, you can do things like drop calls, change speed-dial settings, divert calls to another SIP phone, and DoS the phone in a dozen different ways. But the fun has just begun--you're now the prowd 0wn3r of a "POSIX compliant network device with storage space, bandwidth and a CPU." Another minion to do your blackhat bidding!

I submitted this (edited for brevity) to Slashdot; they didn't think it was good enough. Fortunately, we at the Reserved Space aren't constrained by things like standards.


About this Entry

This page contains a single entry by Chris published on July 23, 2002 3:42 PM.
