Wanted: owner of this VoIP phone
I’m not trying to run a technical obscurity competition: the phone pictured left is a Snom DECT handset, one of three I picked up on eBay, along with their accompanying DECT-to-Ethernet base station.
I’m not asking that incredibly elite group of VoIP phone-spotters to give me chapter and verse on Snom’s model numbering, I’m actually asking whether you or anyone you know has seen this particular phone, because I need to talk to its owner.
It was sold on eBay via one of those junk-shop clearing houses, the kind of place that takes away everything from a defunct office in a skip, and works out what’s worth the cost of advertising and what’s going to landfill. The Snom trio was sold complete, and that’s all – I’m sure it isn’t economical for an outfit that measures its stock by the ton to spend much time diagnosing obscure SOHO networking equipment. That can be left to those with a speculative frame of mind, like me.
It would be immoral to allow those members of my UK family with relatives in Tasmania to make free with these phones and see how long it takes before the account is cut off
To be sure, that makes me part of a different, incredibly elite group of quasi-trainspotters, because as with so many network appliances, the only way you’re ever going to work out how to get into it is by plugging it in, then staring at the status display of whatever is performing your DHCP (be that a server or only your broadband router).
Once the device under observation wakes up and grabs an address, you can chase after it using the ping utility or your browser to see what it throws back at you. Some of these little toys – for example, a FRITZ!Box or an Iomega IX2 NAS – are remarkably sophisticated; others – such as the Snom – are quite the opposite.
Of course, I don’t recommend you blithely experiment with any old car-boot-sale junk that shows you a network port, but I’m able to fence off small ranges of ports on my main wired-up switch, as it’s managed. This means that any malicious payload connected to those ports is going to have a frustrated career path. I also doubt that the current crop of small network appliances are sufficiently capable or ubiquitous to become vehicles via which to infect your LAN – although as their software footprints grow, this possibility creeps ever closer.
Anyway, I plugged in the Snom base station, and up popped two of the three phones immediately. The last one didn’t appear, but I ignored that for two reasons. One reason was that the phone was saying it wanted the base station’s Reset button pressed to go through a registration/pairing process, and the other reason was that I had to go out. During my absence my partner came back, picked up one of the working DECT phones and made a call with it. That’s right, it worked, which if you know anything much about VoIP devices might seem as miraculous as the Virgin of Guadalupe. It seems these little Snoms don’t ask much of their local LAN: all they want is a DHCP and DNS server that can resolve the address of their real partner, which is a VoIP provider’s server up in the cloud.
So long as they can find their way home, they’ll auto-configure, which means their stored authentication to log into a SIP service provider has a fair chance of working. That’s assuming, of course, that nobody remembered (how) to delete said authentication data before putting these boxes out in the junk pile to sell off…
The SIP-hardened posse will now be grumbling that that’s by no means the only “if”. Plenty of SIP service portals will only respond to traffic requests from inside an ISP’s private customer network, so any configured device sold as part of that kind of deal and later returned to the wild would only work if it was reconnected to the same ISP/SIP provider. Then there’s an unknown variability in the way authentication is actually handled – is it that only one login per username/password is permitted? Maybe the next attempt will lock out the preceding device, or be itself refused. There are plenty of ways to configure such matters, and they’re entirely at the whim of the service operator, rather than immutably fixed in the definition of this type of network service.
Whatever the options for better SIP security, this particular case presents me with a slight moral quandary. It would be immoral to allow those members of my UK family with relatives in Tasmania to make free with these phones and see how long it takes before the account is cut off. Quite likely there’s the legal situation to consider, too, although I’d imagine there are complex legal issues surrounding the complicity that arises when someone fails to remove a password from a device that’s sold to a third party, along with full rights to sell it on to anyone in the world.
Some of the network tricks that allowed these phones to work are probably only a passing phase in the evolution towards a sensible, TCP/IP-based protocol for VoIP communication. Eventually there must be some kind of two-way authentication, perhaps with point-to-point encryption. Lord knows there’s enough variability in implementation of VoIP, and the standards often seem no better than distant and inaccurately orientated signposts (a far cry from the more familiar types of LAN traffic such as file-sharing or even streaming video).
Meanwhile, though, the risk of this kind of problem emerging may not look that serious to you. Okay, I can make free phone calls, at least until the previous owner’s next bill turns up with some unknown phone numbers on it, but then, given Skype and its kindred, surely voice communication is pretty close to free already, right?
Well, er, no – not strictly speaking. One of my clients kept running into trouble because it’s a small operation that has a global market reach; while it only has half-a-dozen phones connected to its SIP LAN-gateway system, those phones can be used to call all manner of weird and wonderful countries and network mixtures. The way this firm’s SIP-provider bills it is by drawing down a fairly small sum – roughly £10 – from the credit card associated with the SIP login, whenever its call credit dips below a trigger amount. The problem was that when ringing a mobile phone in Argentina, or Sweden, or Osaka, every so often your phone would ring, the recipient would get to say “hello” – and then beeeeeeeeeeeeep, that’s all.
After many frustrated emails (the phone service provider naturally only does support by email) it emerged that the reason for this beep was that the far-end phone company took a sceptical and jaundiced view of small, third-tier European SIP companies – and rather than accept the risk of an expensive call being unpaid at month-end, was in the habit of requesting escrow every time a call was made. Sometimes the amount drawn down at the start of such a call could be as much as £25, and the unused balance would be returned at the end of the call, but this of course comfortably exceeded what the SIP firm’s auto-billing gadget was pulling from the credit card firm. Bingo, magically floating credit card balances for the customer, and an error condition between the telephony companies at the money-moving, internet level rather than at the voice-moving, phone-call level.
It’s natural to think of credit cards, and indeed PayPal accounts, as being in need of much securing and defending, to be used only in very controlled situations with high guarantees of safety, and a strong conviction that the agent you’re dealing with really is the bona fide recipient of your funds. With these kinds of numbers being at risk in a clash of billing systems, SIP and mobile phones, it may well be that SIP logins and other authorisations to take money automatically ought to now be thought of in the same light.
My Snom base station was configured with internet-connecting passwords for the SIP provider, but the passwords that govern access to the tiny web server inside the device itself had been left set to the factory defaults. (I guess this means that my fear of pressing the Reset button on the back of the little box was unfounded, since clearly that resets only the DECT radio stage, not the software and configuration.)
So if anyone who has just cleared out their office – or upgraded their phone system – recognises this phone, please get in touch. You should at the very least have a little chat with whoever supplied it, and whoever removed it – and also make sure to change all your SIP passwords pretty toot sweet…