Grandstream BT 101 phone hacked?

Discussion in 'UK VOIP' started by Tom, Jul 18, 2005.

  1. Tom

    Tom Guest

    Hi,

    I have a SIP phone (Grandstream BT 101), which I use with Sipgate. However,
    yesterday, when I tried to use it, it wouldn't work. I went to the settings
    page of the phone, and discovered that the connection details had been
    changed. The provider was no longer Sipgate but europasstelecom.com (many
    settings had been changed).

    I wonder if this is a bug following a self-firmware update, or if some
    company hacked the phone to change the provider...

    Tom
    Tom, Jul 18, 2005
    #1
    1. Advertising

  2. Tom

    Ivor Jones Guest

    Tom wrote:
    > Hi,
    >
    > I have a SIP phone (Grandstream BT 101), which I use with Sipgate.
    > However, yesterday, when I tried to use it, it wouldn't work. I
    > went to the settings page of the phone, and discovered that the
    > connection details had been changed. The provider was no longer
    > Sipgate but europasstelecom.com (many settings had been changed).
    >
    > I wonder if this is a bug following a self-firmware update, or if
    > some company hacked the phone to change the provider...
    >
    > Tom


    Interesting, not come across that before. I'll make some enquiries..! Had
    the firmware recently updated..?

    Ivor
    Ivor Jones, Jul 18, 2005
    #2
    1. Advertising

  3. Tom

    Paul D.Smith Guest

    Please let us know what you find out! Hacking SIP phones could be a whole
    new area of hurt for comsumers!

    Although this shouldn't be able to hurt you commerically, it would allow
    someone to fish for all your friends numbers, and could even listen in on
    your conversations.

    Anyone for secured media?...

    Paul DS.
    Paul D.Smith, Jul 18, 2005
    #3
  4. Tom

    Ian Guest

    "Tom" <> wrote in message
    news:...
    > Hi,
    >
    > I have a SIP phone (Grandstream BT 101), which I use with Sipgate.

    However,
    > yesterday, when I tried to use it, it wouldn't work. I went to the

    settings
    > page of the phone, and discovered that the connection details had been
    > changed. The provider was no longer Sipgate but europasstelecom.com (many
    > settings had been changed).
    >
    > I wonder if this is a bug following a self-firmware update, or if some
    > company hacked the phone to change the provider...
    >
    > Tom
    >

    Hi.

    Ok, did you buy this set new? And when you programed it you set the tftp
    server to 0.0.0.0 or an address on your network and changed the password.
    If not and you left the tftp server address in when it reboots it will look
    for the tftp server and update settings as nesesary.
    To have "Hacked" it you would have needed port80 open and pointing at the
    phone..
    I very much doubt its been hacked.

    What is even odder is that europasstelecom dont seem to have launched a
    service yet!!!! and it looks like a MLM scheme as well, so any type of
    advertising is good for dodgy agents.......even just getting the name
    outthere....

    Ian
    Ian, Jul 18, 2005
    #4
  5. Tom

    Paul D.Smith Guest

    > Ok, did you buy this set new? And when you programed it you set the tftp
    > server to 0.0.0.0 or an address on your network and changed the password.
    > If not and you left the tftp server address in when it reboots it will

    look
    > for the tftp server and update settings as nesesary.
    > To have "Hacked" it you would have needed port80 open and pointing at the
    > phone..
    > I very much doubt its been hacked.
    >
    > What is even odder is that europasstelecom dont seem to have launched a
    > service yet!!!! and it looks like a MLM scheme as well, so any type of
    > advertising is good for dodgy agents.......even just getting the name
    > outthere....
    >


    But does upgrading the firmware loose all customer settings? Is there no
    facility for upgrading but restoring user configuration?

    Paul DS.
    Paul D.Smith, Jul 18, 2005
    #5
  6. In article <42db928c$0$13702$>,
    "Paul D.Smith" <> writes:
    >But does upgrading the firmware loose all customer settings? Is there no
    >facility for upgrading but restoring user configuration?


    Much to my surprise, upgrading (and then downgrading again)
    my sipura spa-3000 didn't lose any settings.

    --
    Andrew Gabriel
    Andrew Gabriel, Jul 18, 2005
    #6
  7. Tom

    Ian Guest

    "Paul D.Smith" <> wrote in message
    news:42db928c$0$13702$...
    > > Ok, did you buy this set new? And when you programed it you set the tftp
    > > server to 0.0.0.0 or an address on your network and changed the

    password.
    > > If not and you left the tftp server address in when it reboots it will

    > look
    > > for the tftp server and update settings as nesesary.
    > > To have "Hacked" it you would have needed port80 open and pointing at

    the
    > > phone..
    > > I very much doubt its been hacked.
    > >
    > > What is even odder is that europasstelecom dont seem to have launched a
    > > service yet!!!! and it looks like a MLM scheme as well, so any type of
    > > advertising is good for dodgy agents.......even just getting the name
    > > outthere....
    > >

    >
    > But does upgrading the firmware loose all customer settings? Is there no
    > facility for upgrading but restoring user configuration?
    >

    No. But settings can be part of the TFTP process, more info here
    http://tanesha.net/Wiki/GratissipTftpd.html. Personly this is the first time
    I have heard of a GS being "hacked" and as I mentioned its strange that the
    company mentioned doesnt have a service just a MLM scheme of types running.

    Ian
    Ian, Jul 18, 2005
    #7
  8. Tom

    Tom Guest

    Hi,

    The software was upgraded automatically apparently. I bought the phone from
    new, and originally went to a single page to put my settings. I am using
    Sipgate, and also added a password. The phone is also in a DMZ, so not
    protected by firewall.

    When I then tried to use the phone later on, it wouldn't work, so I logged
    on the web interface again, and saw a new interface (three tabs instead of a
    single page, so the phone must have downloaded automatically an upgrade from
    the manufacturer), and the provider details had changed. The phone wouldn't
    connect anyway since I don't have an account with them.

    I found all of this very strange. I changed the settings manually back to
    Sipgate, and the phone is now working again...


    "Ivor Jones" <> wrote in message
    news:...
    > Tom wrote:
    >> Hi,
    >>
    >> I have a SIP phone (Grandstream BT 101), which I use with Sipgate.
    >> However, yesterday, when I tried to use it, it wouldn't work. I
    >> went to the settings page of the phone, and discovered that the
    >> connection details had been changed. The provider was no longer
    >> Sipgate but europasstelecom.com (many settings had been changed).
    >>
    >> I wonder if this is a bug following a self-firmware update, or if
    >> some company hacked the phone to change the provider...
    >>
    >> Tom

    >
    > Interesting, not come across that before. I'll make some enquiries..! Had
    > the firmware recently updated..?
    >
    > Ivor
    >
    >
    Tom, Jul 19, 2005
    #8
  9. Tom

    Lee Guest

    OT: Why downgrade spa-3000?

    "Andrew Gabriel" <> wrote in message
    news:42dba60a$0$38044$...
    > In article <42db928c$0$13702$>,
    > "Paul D.Smith" <> writes:
    >>But does upgrading the firmware loose all customer settings? Is there no
    >>facility for upgrading but restoring user configuration?

    >
    > Much to my surprise, upgrading (and then downgrading again)
    > my sipura spa-3000 didn't lose any settings.
    >


    Out of interest - why did you downgrade?
    Lee, Jul 19, 2005
    #9
  10. Re: OT: Why downgrade spa-3000?

    In article <>,
    "Lee" <> writes:
    >
    > "Andrew Gabriel" <> wrote in message
    > news:42dba60a$0$38044$...
    >> Much to my surprise, upgrading (and then downgrading again)
    >> my sipura spa-3000 didn't lose any settings.

    >
    > Out of interest - why did you downgrade?


    The version 3 firmware introduced and fault whereby all the
    syslog messages are missing the PRI header so they aren't
    usable. In the version 2 firmware, most of the syslog messages
    are more correctly formed (a few only are missing the PRI header
    and unusable).

    Also, the version 3 firmware didn't fix the TCP window handling
    problem which was the main reason for trying the upgrade. This
    prevents the browser interface working properly when the browser
    system advertises a large TCP window (i.e. probably something
    over 32k, but not window scaling), and it is running across a WAN
    or sufficient routers such that more than 32k of data gets
    buffered across the network. It looks to me like the spa-3000 is
    perhaps tripping on some associated 16bit arithmetic which needs
    to be 32 bit arithmetic, screwing up its TCP sequence calculations,
    and gets stuck in a TCP restransmit loop. If you have control of
    the TCP window advertised from the browser system, knocking it
    down to 20k is a workaround.

    --
    Andrew Gabriel
    Andrew Gabriel, Jul 19, 2005
    #10
  11. Tom

    Lee Guest

    Re: OT: Why downgrade spa-3000?

    "Andrew Gabriel" <> wrote in message
    news:42dced6e$0$38046$...
    > In article <>,
    > "Lee" <> writes:
    >>
    >> "Andrew Gabriel" <> wrote in message
    >> news:42dba60a$0$38044$...
    >>> Much to my surprise, upgrading (and then downgrading again)
    >>> my sipura spa-3000 didn't lose any settings.

    >>
    >> Out of interest - why did you downgrade?

    >
    > The version 3 firmware introduced and fault whereby all the
    > syslog messages are missing the PRI header so they aren't
    > usable. In the version 2 firmware, most of the syslog messages
    > are more correctly formed (a few only are missing the PRI header
    > and unusable).
    >
    > Also, the version 3 firmware didn't fix the TCP window handling
    > problem which was the main reason for trying the upgrade. This
    > prevents the browser interface working properly when the browser
    > system advertises a large TCP window (i.e. probably something
    > over 32k, but not window scaling), and it is running across a WAN
    > or sufficient routers such that more than 32k of data gets
    > buffered across the network. It looks to me like the spa-3000 is
    > perhaps tripping on some associated 16bit arithmetic which needs
    > to be 32 bit arithmetic, screwing up its TCP sequence calculations,
    > and gets stuck in a TCP restransmit loop. If you have control of
    > the TCP window advertised from the browser system, knocking it
    > down to 20k is a workaround.
    >


    Not sure what all that means, but thanks! ;-)

    I have an spa-3000 that appears to be working fine but thought I would
    check.

    Lee
    Lee, Jul 21, 2005
    #11
  12. Settings can be downloaded via TFTP as the GS supports auto-provisioning. My
    guess is that you have set the tftp server entry unknowingly to europass's
    server. They did have a service called Noodle, which went out of business
    before it started.

    The Knowledge


    "Ian" <spam"AT"bathfordhill.co.uk> wrote in message
    news:...
    >
    > "Paul D.Smith" <> wrote in message
    > news:42db928c$0$13702$...
    > > > Ok, did you buy this set new? And when you programed it you set the

    tftp
    > > > server to 0.0.0.0 or an address on your network and changed the

    > password.
    > > > If not and you left the tftp server address in when it reboots it will

    > > look
    > > > for the tftp server and update settings as nesesary.
    > > > To have "Hacked" it you would have needed port80 open and pointing at

    > the
    > > > phone..
    > > > I very much doubt its been hacked.
    > > >
    > > > What is even odder is that europasstelecom dont seem to have launched

    a
    > > > service yet!!!! and it looks like a MLM scheme as well, so any type of
    > > > advertising is good for dodgy agents.......even just getting the name
    > > > outthere....
    > > >

    > >
    > > But does upgrading the firmware loose all customer settings? Is there

    no
    > > facility for upgrading but restoring user configuration?
    > >

    > No. But settings can be part of the TFTP process, more info here
    > http://tanesha.net/Wiki/GratissipTftpd.html. Personly this is the first

    time
    > I have heard of a GS being "hacked" and as I mentioned its strange that

    the
    > company mentioned doesnt have a service just a MLM scheme of types

    running.
    >
    > Ian
    >
    >
    VoIP Knowledge, Jul 26, 2005
    #12
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Hugo Drax

    grandstream phone review

    Hugo Drax, Oct 8, 2003, in forum: VOIP
    Replies:
    0
    Views:
    1,576
    Hugo Drax
    Oct 8, 2003
  2. SniperSquad
    Replies:
    13
    Views:
    954
    Stuart Friedman
    Jan 24, 2004
  3. Boobie
    Replies:
    10
    Views:
    2,045
    Kyler Laird
    Dec 27, 2004
  4. vopa
    Replies:
    13
    Views:
    1,035
  5. TR

    Grandstream BT 101

    TR, Mar 20, 2006, in forum: UK VOIP
    Replies:
    2
    Views:
    521
Loading...

Share This Page