[VoiceOps] New SPA2100/2102/1001 exploit in the wild?

Ryan Delgrosso ryandelgrosso at gmail.com
Tue Oct 15 02:09:01 EDT 2013


Anthony,
What details do you have? Are the calls actually originating from the 
devices or are the credentials just getting lifted from them somehow?

Feel free to reply off-list if you don't want it public but I would like 
to see if any info could be mutually beneficial.


On 10/14/2013 05:23 PM, Anthony Orlando wrote:
> Seeing something similar with the new 112/122.  They are locked down hard yet still getting hacked.
>
>> On Oct 14, 2013, at 18:08, Ryan Delgrosso <ryandelgrosso at gmail.com> wrote:
>>
>> Hey all,
>> I am seeing my fraud-o-meter tick up as of yesterday and it all seems to be driven by accounts attached to these devices. We have taken measures to start locking this down but I am wondering if anyone out there is seeing similar.
>>
>> It looks like somehow legacy devices that have been deployed for 5+ years are having accounts lifted out of them.
>>
>> Does anyone have info on this exploit, or if you are seeing this as well and want to compare notes feel free to ping me.
>>
>> Thanks,
>> -Ryan
>> _______________________________________________
>> VoiceOps mailing list
>> VoiceOps at voiceops.org
>> https://puck.nether.net/mailman/listinfo/voiceops



More information about the VoiceOps mailing list