Linksys Vulnerability (WAS [VOIPSEC] Vonage To Make 911 An 'Opt-Out' Option)
Larry Farmer
farmer at compassconsulting.com
Mon May 23 10:45:49 CDT 2005
Kinda far off the Vonage and 911 subject line.
I would broaden the concern to include firmware attacks on the Linksys
TA. There are a number of locations on the net which document how to
crack the firmware of many Linksys products. Some of this is intended
by Linksys, some is not. Linksys is reportedly making unintended
cracking more difficult, but it is still possible. I don't know how
similar the Vonage TA is to their other networking devices, but I can't
imagine the TA vastly different from the other products.
>Date: Mon, 16 May 2005 10:13:35 -0700
>From: David Elbel <david.elbel at gmail.com>
>Subject: Re: [VOIPSEC] Vonage To Make 911 An 'Opt-Out' Option
>To: Voipsec at voipsa.org
>Message-ID: <c514527905051610137e25e673 at mail.gmail.com>
>Content-Type: text/plain; charset=ISO-8859-1
>
>There are people reportedly unlocking the Linksys PAP2 from Vonage via
>spoofing DHCP, then DNS and then spoofing an HTTP request response / XML
>config file(?) to point the device to your own VOIP system. The purpose is to
>use the device as a general purpose FXS port in a makeshift VOIP setup.
>Apparently this is trivial once you have a test network and sniffer. The
>only problem is that it is not practical in a production environment.
>Nothing would stop an attacker from using the same method. However, a
>solution to this problem (my suggestion is using PKI) would probably prevent
>reverse engineering for compatibility purposes and there are far easier
>attacks; for example social engineering. But then it could be argued time
>and time again that the more exposure any product has on a market, the more
>susceptible it becomes to any attack no matter how complicated it may
>appear.