[VoiceOps] New SPA2100/2102/1001 exploit in the wild?

Shripal Daphtary shripald at gmail.com
Fri Oct 18 21:10:49 EDT 2013 

On that note. I just met with Cisco at the bsft connections show. And they told me they were "recommitting" to the service provider market with an esbc nano cube and handsets certicification on the bworks in 3 weeks.  


Shripal

> On Oct 18, 2013, at 5:33 PM, Ryan Delgrosso <ryandelgrosso at gmail.com> wrote:
> 
> So just some additional information on this since i know a few others were seeing security issues with these devices.
> 
> I have recently discovered that cisco recently terminated the last 40 engineers responsible for maintaining the SPA codebase (SPA ATAs and IP phones and the new SPA112/122). This was done to free up the budget to build a replacement product that will work more closely with their hosted call manager product and less with 3rd party sip which isnt due for several years.
> 
> They will of course continue to sell the SPA products but you may have issues if you need anything custom done or need factory provisioning.
> 
> I found the timing of these events slightly curious as well.
> 
> Take this for what you will and if anyone out there has more information please feel fre to chime in.
> 
>> On 10/14/2013 04:08 PM, Ryan Delgrosso wrote:
>> Hey all,
>> I am seeing my fraud-o-meter tick up as of yesterday and it all seems to be driven by accounts attached to these devices. We have taken measures to start locking this down but I am wondering if anyone out there is seeing similar.
>> 
>> It looks like somehow legacy devices that have been deployed for 5+ years are having accounts lifted out of them.
>> 
>> Does anyone have info on this exploit, or if you are seeing this as well and want to compare notes feel free to ping me.
>> 
>> Thanks,
>> -Ryan
>> _______________________________________________
>> VoiceOps mailing list
>> VoiceOps at voiceops.org
>> https://puck.nether.net/mailman/listinfo/voiceops
> 
> _______________________________________________
> VoiceOps mailing list
> VoiceOps at voiceops.org
> https://puck.nether.net/mailman/listinfo/voiceops

More information about the VoiceOps mailing list