[VoiceOps] New SPA2100/2102/1001 exploit in the wild?

Ryan Delgrosso ryandelgrosso at gmail.com
Fri Oct 18 20:33:04 EDT 2013


So just some additional information on this since I know a few others 
were seeing security issues with these devices.

I have recently discovered that Cisco recently terminated the last 40 
engineers responsible for maintaining the SPA codebase (SPA ATAs and IP 
phones and the new SPA112/122). This was done to free up the budget to 
build a replacement product that will work more closely with their 
hosted call manager product and less with 3rd party SIP, which isn't due 
for several years.

They will of course continue to sell the SPA products but you may have 
issues if you need anything custom done or need factory provisioning.

I found the timing of these events slightly curious as well.

Take this for what you will, and if anyone out there has more information 
please feel free to chime in.

On 10/14/2013 04:08 PM, Ryan Delgrosso wrote:
> Hey all,
> I am seeing my fraud-o-meter tick up as of yesterday and it all seems 
> to be driven by accounts attached to these devices. We have taken 
> measures to start locking this down but I am wondering if anyone out 
> there is seeing similar.
>
> It looks like somehow legacy devices that have been deployed for 5+ 
> years are having accounts lifted out of them.
>
> Does anyone have info on this exploit, or if you are seeing this as 
> well and want to compare notes feel free to ping me.
>
> Thanks,
> -Ryan


