<<< Date Index >>>     <<< Thread Index >>>

Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Mon, 7 Mar 2005, Atom Smasher wrote:

an attacker may change the default password (the ATA doesn't appear to have a customer accessible hardware reset, which could compound a password problem).
=========================

(responding to self)

the ATA can be reset by dialing *#26845# from a connected phone. this presents another problem. an attacker can reset the password (and then gain unauthorized access to the ATA) by gaining access to any phone connected to the ATA. this can be easily accomplished at a party or by wireless beige-boxing which could be done from some distance away.

of course this type of reset seems to wipe out most info that would be useful to an attacker (LAN config, speed-dial list, etc) but still facilitates DoS and other types of attack.

solution: a pinhole button in the back of the ATA would require physical access to the device in order to reset the password.


- -- ...atom

 _________________________________________
 PGP key - http://atom.smasher.org/pgp.txt
 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
 -------------------------------------------------

        "Our enemies are innovative and resourceful, and so
         are we. They never stop thinking about new ways to
         harm our country and our people, and neither do we"
                -- George "dubya" Bush, 5 Aug 2004

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures

iQEcBAEBCAAGBQJCLUPxAAoJEAx/d+cTpVci5cMIAL3OtgwgC9V5k7h9rOb4e1Qt
+yLNzPqml9ea/whzGeb/01KEWZ665WWYPALLf7SbkeNLr2Z3fMs8AlTjb5Uc5+v3
rnXH8vvYjb62uXHbMD8WAWj4HeVbzBMojeL1rwT/kE+fIwH25OQ/DnRRnrI0/5OS
1zBPhbzAMeej4FYyZtxxEJsySI1rWQSz8XA5FpZ3Dp/C7a4k4/gWLmcp3NJCsBFZ
YH64Oe4h1EvAK9S3d0CyJPFSwZKXRalIa0WlL6reJN4SZW/PeCs+L/8ydmr7XDN5
M6cHwQ/HhKnnHXreQn/8/N40X8oKx59/jZGfH1ypzJVKSp+NKAg4XBm7lsXfJP8=
=xE6p
-----END PGP SIGNATURE-----