IP Security Forum

Author Topic: Snom VoIP SIP phones sensitive to eavesdropping  (Read 4674 times)

Offline tankwart

  • Sr. Member
  • ****
  • Posts: 165
  • Karma: 0
Snom VoIP SIP phones sensitive to eavesdropping
« on: Wednesday, 08.03.2006 08:29 »
If you enable the Intercom feature in the Advanced settings of a snom telephone configuration, any SIP caller may eavesdrop on your room by forcing your telephone off-hook!

This intercom feature is supposed to be secured with a <domain> setting in the SIP Call-Info message, but this <domain> string can currently be anything; it seems to be ignored by the snom phone, at least if the INVITE message comes from a registrar that the phone has successfully registered with, for example your Asterisk box.

In the snom configuration the intercom feature is set to "off" by default, and you will hear a short beep when the phone goes off-hook while the display informs you about the incoming connection. Still, it would be wise to double-check your VoIP connection to the outside world to make sure this auto-answer feature cannot be invoked by anyone from the internet!

This has been observed with SNOM 190 phones (Firmware 3.60x) and SNOM 360 phones (Firmware v5.3).

« Last Edit: Sunday, 23.07.2006 23:07 by admin »
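The domain check the post says the phone skips, written as a proxy-side filter: every Call-Info URI in an incoming INVITE must name a domain the phone is actually registered with. This is an added example, not code from the post or from snom; the trusted domain and the two sample INVITEs are constructed.

```python
import re

# Constructed: the registrar domain(s) this phone has successfully registered with.
TRUSTED_DOMAINS = {"asterisk.example.internal"}

CALL_INFO_RE = re.compile(r"^Call-Info\s*:\s*(.*)$", re.IGNORECASE | re.MULTILINE)
# One Call-Info entry: <uri> followed by optional ;param=value pairs, entries separated by commas.
URI_RE = re.compile(r"<\s*(?P<uri>[^>]+)\s*>(?P<params>(?:\s*;[^,]*)?)")


def parse_call_info(sip_msg: str):
    """Return [(host, {param: value}), ...] for every Call-Info entry in the message."""
    entries = []
    for hdr in CALL_INFO_RE.findall(sip_msg):
        for m in URI_RE.finditer(hdr.strip()):
            uri = m.group("uri")
            # Drop the scheme (sip:, sips:, http://), any user part, path, URI params and port.
            host = re.sub(r"^[a-z]+:(?://)?", "", uri, flags=re.IGNORECASE)
            host = host.split("@")[-1].split("/")[0].split(";")[0].split(":")[0].lower()
            params = {}
            for p in m.group("params").split(";"):
                p = p.strip()
                if p:
                    k, _, v = p.partition("=")
                    params[k.strip().lower()] = v.strip()
            entries.append((host, params))
    return entries


def call_info_domain_ok(sip_msg: str, trusted=TRUSTED_DOMAINS) -> bool:
    """True if every Call-Info URI names a trusted domain (vacuously true with no Call-Info header)."""
    return all(host in trusted for host, _ in parse_call_info(sip_msg))


# Constructed sample INVITEs: one from the registered Asterisk box, one with an arbitrary domain.
TRUSTED_INVITE = (
    "INVITE sip:1001@phone.example.internal SIP/2.0\r\n"
    "From: <sip:1002@asterisk.example.internal>;tag=a1b2\r\n"
    "Call-Info: <sip:asterisk.example.internal>;purpose=info\r\n\r\n"
)
UNTRUSTED_INVITE = (
    "INVITE sip:1001@phone.example.internal SIP/2.0\r\n"
    "From: <sip:1002@asterisk.example.internal>;tag=c3d4\r\n"
    "Call-Info: <sip:anything.invalid>;purpose=info\r\n\r\n"
)

if __name__ == "__main__":
    for name, msg in (("trusted", TRUSTED_INVITE), ("untrusted", UNTRUSTED_INVITE)):
        print(name, "accept" if call_info_domain_ok(msg) else "REJECT", parse_call_info(msg))
```

A proxy that drops or strips Call-Info on INVITEs failing this check keeps a phone that ignores the domain from being forced off-hook by callers outside the registered domain.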

Offline tankwart

  • Sr. Member
  • ****
  • Posts: 165
  • Karma: 0
Re: Snom VoIP SIP phones sensitive to eavesdropping
« Reply #1 on: Sunday, 23.07.2006 23:03 »
It has been found that with the SIP commands mentioned above you can eavesdrop on a Snom 190 phone, and there is nothing you can do about that except pulling the plug. You can try this out yourself simply by installing the Asterisk Phonebook from GEOTEK and placing a call to one of these phones via the web dialer.

The Snom 190 phone does not even issue a tone signal when this happens. Snom support has confirmed this to be true with the newest firmware version snom190-3.60x-SIP-j.bin, but this bug will not be solved since this is a discontinued product. According to Snom, it might be possible to go back to the old firmware version 3.56, where you can disable call acceptance with the broadsoft_call_control setting, but this will break other features.
« Last Edit: Sunday, 23.07.2006 23:10 by admin »