phone Hacking

Occasional Contributor

phone Hacking

Can anyone tell me please how I can secure Polycom phones? We have 100's of Yealink and Cisco phones and we have no issues, but with Polycom phones we have hackings every day; they are making calls to the most expensive areas in the world. We are changing the SIP passwords, but a day or 2 later it's all over: they somehow get the new SIP credentials, and this is only from Polycom phones. We use the latest FW 4.0.9.

Message 1 of 8
Polycom Employee & Community Manager

Re: phone Hacking

Hello naftula,

Welcome back to the Polycom Community.

Can you describe in a bit more detail what you believe is actually being hacked in this instance?

Are you disabling the web interface or changing the standard password or port?

 

As you are a service provider you may want to open a support ticket so we can look at this as I have not heard such reports prior to this.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

----------------
The title Polycom Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. My official "day" Job is 3rd Level support at Poly but I am unable to provide official support via the community.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP, Video Endpoint, Skype for Business, PSTN or RPM FAQs
Message 2 of 8
Regular Advisor

Re: phone Hacking

I would open a ticket with support and look at the below in the meantime.

 

If your provisioning server is available from an unsecured network make sure any config files with passwords are encrypted or you are using a secure protocol like SFTP or HTTPS.  SIP over TLS is a good idea if supported by your phone system.  Check network firewall logs if applicable.

Message 3 of 8
Polycom Employee & Community Manager

Re: phone Hacking

Hello all,

Config File encryption needs to be requested from Polycom support as we need to clear some details on export regulations.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

Message 4 of 8
Occasional Contributor

Re: phone Hacking

I really have no clue as of yet what the issue can be.

1) The phones do NOT have a provisioning server as of now (we took down the provisioning server until we find out what the issue is).

2) We disabled the phone web interface 3 days ago, and are in the process of changing all SIP passwords and updating the new passwords in the phones.

3) This issue has been ongoing for the last 5-8 months (we have about 2000 phones, 200 of those are Polycom) and it happens only on Polycom phones; somehow they find out the SIP passwords.

4) No, we cannot have SIP over TLS.

5) We did have an issue of "ghost calls", calls from 1000 or so....

So we updated our provisioning file with this:

<voIpProt.SIP.requestValidation
    voIpProt.SIP.requestValidation.1.method="source"
    voIpProt.SIP.requestValidation.1.request="INVITE"
    voIpProt.SIP.requestValidation.1.request.1.event=""
    voIpProt.SIP.requestValidation.1.request.2.event=""
    voIpProt.SIP.requestValidation.2.method="" />

Is this good enough? Or should we add something like requestValidation also for NOTIFY, REFER, PRACK, UPDATE or anything else?

Or can anyone suggest any other tightening of security that we can add to the phones?


 

Message 5 of 8
Polycom Employee & Community Manager

Re: phone Hacking

Hello naftula,

I would definitely add REFER to that as well.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

Message 6 of 8
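
An added example, not part of any post in this thread and not Poly's own tooling: a small Python audit of a phone config file that reports which SIP request types lack a requestValidation entry with a non-empty method, and whether the file carries a SIP password (the case where the earlier advice about HTTPS or encrypted config files applies). The sample config, its polycomConfig/reg layout, the WANTED list and the treatment of an empty method as "no validation" are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample config (not from the thread's deployment): INVITE is
# validated by source, entry 2 has an empty method, and a SIP password is present.
SAMPLE_CFG = """<polycomConfig>
  <voIpProt.SIP.requestValidation
      voIpProt.SIP.requestValidation.1.method="source"
      voIpProt.SIP.requestValidation.1.request="INVITE"
      voIpProt.SIP.requestValidation.2.method=""
      voIpProt.SIP.requestValidation.2.request="REFER"/>
  <reg reg.1.address="1001" reg.1.auth.userId="1001"
       reg.1.auth.password="constructed-example"/>
</polycomConfig>"""

# Request types the thread asks about; adjust to local policy.
WANTED = ("INVITE", "REFER", "NOTIFY", "PRACK", "UPDATE")
RV = re.compile(r"^voIpProt\.SIP\.requestValidation\.(\d+)\.(method|request)$")
PW = re.compile(r"^reg\.\d+\.auth\.password$")

def audit(cfg_text, wanted=WANTED):
    """Return (unvalidated_request_types, attributes_holding_sip_passwords)."""
    entries, secrets = {}, []
    for elem in ET.fromstring(cfg_text).iter():
        for name, value in elem.attrib.items():
            m = RV.match(name)
            if m:
                entries.setdefault(m.group(1), {})[m.group(2)] = value.strip()
            elif PW.match(name) and value:
                secrets.append(name)
    # Assumption: an entry only protects a request type when its method
    # is non-empty (e.g. "source"); an empty method means no validation.
    covered = {e.get("request", "").upper()
               for e in entries.values() if e.get("method")}
    missing = [w for w in wanted if w not in covered]
    return missing, sorted(secrets)

if __name__ == "__main__":
    missing, secrets = audit(SAMPLE_CFG)
    print("request types without validation:", ", ".join(missing) or "none")
    print("SIP passwords stored in file:", ", ".join(secrets) or "none")
```

Any file the second line flags should only ever be fetched over HTTPS or in encrypted form, as suggested earlier in the thread.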
Occasional Contributor

Re: phone Hacking

We will add REFER.

Also, this is one of the reasons I asked for this:

http://community.polycom.com/t5/VoIP/Web-interface-lockout-duration/m-p/73689

Any other suggestion someone might have?

 

Message 7 of 8
Polycom Employee & Community Manager

Re: phone Hacking

Hello naftula,

You should really work with support on this as I would assume our security department would be keen to find out what is actually being hacked.

Can you provide me with a MAC address and some details (if you want via community mail) so I can point you towards the right people?

We obviously have hundreds of thousands of phones (or more) with our service provider partners and we need to investigate this properly.

Any way you could set up a "bait" phone and monitor the traffic via Wireshark?

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

Message 8 of 8