Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability
On Mon, 7 Mar 2005, Atom Smasher wrote:
> an attacker may change the default password (the ATA doesn't appear to
> have a customer accessible hardware reset, which could compound a
> password problem).
=========================
(responding to self)
the ATA can be reset by dialing *#26845# from a connected phone. this
presents another problem. an attacker can reset the password (and then
gain unauthorized access to the ATA) by gaining access to any phone
connected to the ATA. this can be easily accomplished at a party or by
wireless beige-boxing which could be done from some distance away.
of course this type of reset seems to wipe out most info that would be
useful to an attacker (LAN config, speed-dial list, etc) but still
facilitates DoS and other types of attack.
solution: a pinhole button in the back of the ATA would require physical
access to the device in order to reset the password.
- --
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"Our enemies are innovative and resourceful, and so
are we. They never stop thinking about new ways to
harm our country and our people, and neither do we"
-- George "dubya" Bush, 5 Aug 2004