We got a call from our telecom provider that this past weekend, calls originated from our school district, out internationally. In the course of investigation, we found the two phones responsible. Both are Polycom SoundStation IP 7000 conference phones. Looking at their configurations, it turns out both devices have phone passwords and config auth login/passwords that we did not set. Looking into it, I've read elsewhere that others had issues with polycom phones and having information get injected into these devices.. Looks like they called out somewhere, the entity it communicated with injected the credentials, and then had access.
What can we do to stop this?!
Welcome to the Poly Community.
Both the communities Must Read First and the FAQ reference the basic minimum information a new or follow up post should contain.
This ensures the questions having to be asked are limited and any new or follow up post contains the right amount of details to ensure any voluntary participant within the community does not spend additional time chasing basic information.
As a reminder the basic information asked for:
UC Software 4.0.0 or later via the Web Interface Utilities > Phone Backup & Restore > Phone Backup > Phone Backup. Please rename into .TXT or Zip the file to attach.
Since UC Software 5.9.0 simply provide this via the Web Interface Diagnostics > Download Support Information Package
Whilst providing some of these details may not directly impact any possible answer the community can provide, it does enable Poly to have an overview of the current software used. In addition, providing all details at the same time allow us to check logs or look up potential support partners if an issue needs to come into support. It also enables us to verify the entitlement for using features.
I would suggest you ensure you have:
Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.
Thank you. I tried reading that first post, and I kept getting error pages. I'm pretty sure it's my end for some reason. My avatar isn't even showing right (at least not on my end..). I'll read through the post and update my post with the info I can get.
Couldn't edit my OP... Editing this post as a result:
Right now, we aren't even hooking the conference phones back into the network unless they need to be used, at least until we can determine what happened.