This post looks at reports from last year which I must admit had passed me by. They show how using a SIP device with a vulnerable router could leave you seriously exposed to VOIP fraud calls.
The reports focus on the BT Home Hub 3, but now that I’ve read it’s possible with one router, I have concerns that others could be affected.
When you have a SIP phone at home (or in the office) this is what you would expect to happen: the phone registers outbound to your provider or PBX, and the router only passes back SIP traffic that comes from that remote address.
What actually happens on the HH3 (at least with the firmware in the reports; this may have been resolved in later firmware) is that the router forwards SIP traffic arriving on the public IP from any source to the phone.
The difference is fairly subtle, but the result is not. While your phone (SIP device) is switched on and registered to a remote Asterisk server or call provider, any SIP scan against your public IP gets forwarded to the phone.
If the dial plan on the phone allows the numbers in those INVITEs to be dialled, the calls will be placed through your provider and billed to you. This could result in expensive VoIP fraud calls.
What should you do?
I recommend that everyone run a SIP scan against their public IP (this is your home/office IP) from outside their own network, with the phone switched on and registered, to make sure that no SIP devices respond. The phone needs to be registered at the time, because the forwarding only exists while that session is open. If anything does respond and you are a SysAdminMan customer then please open a support ticket to discuss this further.
You can run a SIP scan from this site – http://sipscanner.voicefraud.com/
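If you would rather do the check yourself than use a third-party site, the following is an added example (my own illustration, not code from the reports or from the scanner site above) of the probe such a scan sends: a single SIP OPTIONS request over UDP 5060, with the reply's status line and User-Agent printed. It is not a fraud dialler, it only asks "is there a SIP endpoint here?". Run it from a host outside your network against your public IP; the hostname, ports and the sample response in the parser are assumptions made for this example.

```python
"""Send one SIP OPTIONS request to a host and report whether a SIP endpoint answers.

A reply of any status code (200, 401, 404 ...) means SIP traffic from the internet is
reaching a device behind that IP. No reply within the timeout is the result you want.
"""
import random
import socket
import string
import sys


def _rand_tag(n=8):
    return "".join(random.choices(string.ascii_lowercase + string.digits, k=n))


def build_options_request(target_host, target_port=5060, local_ip="0.0.0.0", local_port=5060):
    """Return a minimal, well-formed SIP OPTIONS request (RFC 3261 section 11) as bytes."""
    branch = "z9hG4bK" + _rand_tag(12)        # RFC 3261 magic cookie + random branch id
    call_id = _rand_tag(16) + "@" + local_ip
    lines = [
        f"OPTIONS sip:{target_host}:{target_port} SIP/2.0",
        f"Via: SIP/2.0/UDP {local_ip}:{local_port};branch={branch};rport",
        "Max-Forwards: 70",
        f"From: <sip:selfcheck@{local_ip}>;tag={_rand_tag()}",
        f"To: <sip:{target_host}:{target_port}>",
        f"Call-ID: {call_id}",
        "CSeq: 1 OPTIONS",
        f"Contact: <sip:selfcheck@{local_ip}:{local_port}>",
        "Accept: application/sdp",
        "Content-Length: 0",
        "",
        "",                                       # produces the terminating CRLF CRLF
    ]
    return "\r\n".join(lines).encode()


def parse_sip_response(data):
    """Parse a SIP response into (status_code, reason, headers); return None if it is not one."""
    text = data.decode("utf-8", errors="replace")
    head = text.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("SIP/2.0"):
        return None                               # a request or garbage, not a response
    try:
        code = int(parts[1])
    except ValueError:
        return None
    reason = parts[2] if len(parts) == 3 else ""
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return code, reason, headers


def probe(target_host, target_port=5060, timeout=3.0):
    """Send one OPTIONS request and return the parsed reply, or None if nothing answers."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.bind(("0.0.0.0", 0))                 # ephemeral source port, echoed via ;rport
        local_port = sock.getsockname()[1]
        req = build_options_request(target_host, target_port, local_port=local_port)
        sock.sendto(req, (target_host, target_port))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return None
        return parse_sip_response(data)
    finally:
        sock.close()


if __name__ == "__main__":
    # Usage: python sipcheck.py <your public IP>  (run from outside your own network)
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    result = probe(host)
    if result is None:
        print(f"{host}:5060 - no SIP reply (good: nothing is being forwarded to a phone)")
    else:
        code, reason, hdrs = result
        ua = hdrs.get("user-agent", "unknown")
        print(f"{host}:5060 - SIP reply {code} {reason}; User-Agent: {ua} (a device is exposed)")
```

Any reply at all is the finding, including a 401 or 404: the router has still handed an unsolicited packet from the internet to the phone, and an INVITE would travel the same path. Remember that the probe has to be sent while the phone is registered, since that is when the forwarding exists.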
If you find any affected routers that are not the BT HH3 please post a comment.
You can find more info here –