atcomsystems.ca/forum
Posted By: Keith L. Allworx Hacking. - 03/27/13 05:28 PM
I am looking for advice on best practices. I have had 3 Allworx systems hacked and a number of international calls were made. Some of this is to put my mind at ease because I am changing a lot of settings in the systems. Example: phone admin password gets changed, admin password gets changed, no access to outside lines in voicemail, phones are unable to create via WAN, VPN is used for remote management, etc. Two systems were hacked when a customer put a remote Allworx handset outside of a firewall, and one system had a Grandstream gateway hacked that was on the local network (only Allworx handsets are outside). I am trying to come up with a white paper, so I need program items I can change that will work. For instance, has anyone tried to change from the standard SIP port of 5060? Sorry, no suggestions. However, any stories that are shared would be appreciated since that often shows where the hack comes from. Thank you.
Posted By: Tesseract8550 Re: Allworx Hacking. - 04/01/13 05:39 PM
The latest software addresses the issues that allowed the systems to be hacked. It seems like you followed best practices; some of the WORST practices would be: allowing administration from the WAN without a VPN first.

What was allowing this to happen is that the passwords of phones registered with older software assigned a DEFAULT password to those phones. As you know from creating SIP accounts for soft phones, you need a userid and a password... all passwords for registered handsets are default. Once you know that, you can pretty much connect with a softphone and a few tricks and make all of the calls you like without knowing the remote (pnp) key or anything.

In short: upgrade to the latest software, and you should not need to take any other special precautions. (Although I agree with the DO NOT ALLOW AUTO CREATE OF WAN HANDSETS... if this is a problem, enable it remotely, let the user connect, and then disable it again... you'll be getting the call anyway, so no big deal, right?)

Posted By: bcstechs Re: Allworx Hacking. - 04/02/13 06:49 PM
The systems that we have seen hacked are using the Allworx as the firewall. The hackers are using the user credentials for generic SIP accounts and remote IP phones. If you can, move the Allworx to behind a strong firewall. Delete any unused generic SIP accounts. Change the password for all generic SIP devices - use a random password generator. Make sure "NAT traversal assistance" is turned off for all generic SIP phones. Block international calls (011 + 010) and calls to dangerous area codes (Barbados, Caribbean, etc.). Disable WAN access to admin, and disable all Creates over WAN. Allworx has released a security announcement - follow it to the letter.
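
The call-blocking advice in the post above (011 and 010 prefixes, Caribbean area codes) can also be checked after the fact against call records. The following is an added example, not part of the original thread and not Allworx code: the CSV layout, source names and phone numbers are constructed, and the area-code set is a partial, illustrative list.

```python
import csv
import io
from collections import Counter, defaultdict

# International dial prefixes named in the post above.
INTL_PREFIXES = ("011", "010")
# Assumption: partial list of Caribbean NANP area codes (246 = Barbados).
RISKY_AREA_CODES = {"246", "876", "809", "473", "284"}

# Constructed sample call records (hypothetical export layout).
SAMPLE_CDR = """time,source,dialed
2013-03-23T02:11:04,generic-sip-3,011 53 5555 0100
2013-03-23T02:11:40,generic-sip-3,1-246-555-0101
2013-03-23T02:12:15,generic-sip-3,01088155550102
2013-03-23T09:30:00,ext-101,1-585-555-0103
2013-03-23T09:45:00,ext-102,911
2013-03-23T10:02:00,remote-phone-7,12465550104
"""


def classify(dialed):
    """Return why a dialed number is risky, or None if it is not flagged."""
    digits = "".join(ch for ch in dialed if ch.isdigit())
    if digits.startswith(INTL_PREFIXES):
        return "international"
    # Drop the NANP long-distance "1" so the area code is the first 3 digits.
    if len(digits) == 11 and digits[0] == "1":
        digits = digits[1:]
    if len(digits) == 10 and digits[:3] in RISKY_AREA_CODES:
        return "risky-area-code"
    return None


def audit(cdr_text, burst=3):
    """Count flagged calls per source; list sources with >= burst of them."""
    per_source = defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(cdr_text)):
        reason = classify(row["dialed"])
        if reason:
            per_source[row["source"]][reason] += 1
    suspects = sorted(s for s, c in per_source.items()
                      if sum(c.values()) >= burst)
    return dict(per_source), suspects


if __name__ == "__main__":
    counts, suspects = audit(SAMPLE_CDR)
    for source, reasons in counts.items():
        print(source, dict(reasons))
    print("review credentials for:", suspects)
```

A source that shows up in the suspects list is a candidate for a password reset or deletion if it is an unused generic SIP account.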
Posted By: harleyman Re: Allworx Hacking. - 05/09/13 03:33 PM
We also found out hackers can get out through the system v/mail.