[VoiceOps] New SPA2100/2102/1001 exploit in the wild?

Ryan Delgrosso ryandelgrosso at gmail.com
Tue Oct 15 02:09:01 EDT 2013

What details do you have? Are the calls actually originating from the 
devices or are the credentials just getting lifted from them somehow?

Feel free to reply off-list if you don't want it public but I would like 
to see if any info could be mutually beneficial.

On 10/14/2013 05:23 PM, Anthony Orlando wrote:
> Seeing something similar with the new 112/122.  They are locked down hard yet still getting hacked.
>> On Oct 14, 2013, at 18:08, Ryan Delgrosso <ryandelgrosso at gmail.com> wrote:
>> Hey all,
>> I am seeing my fraud-o-meter tick up as of yesterday and it all seems to be driven by accounts attached to these devices. We have taken measures to start locking this down but I am wondering if anyone out there is seeing similar.
>> It looks like somehow legacy devices that have been deployed for 5+ years are having accounts lifted out of them.
>> Does anyone have info on this exploit, or if you are seeing this as well and want to compare notes feel free to ping me.
>> Thanks,
>> -Ryan
>> _______________________________________________
>> VoiceOps mailing list
>> VoiceOps at voiceops.org
>> https://puck.nether.net/mailman/listinfo/voiceops

More information about the VoiceOps mailing list