Cisco Support Community
phone bill fraud with SPA3102.

Hello,

 

I have a question: is there known abuse of the Linksys SPA3102? My parents got a phone bill of more than 700 euros for calls to a foreign number on their PSTN line.

 

They claim they have never dialled the number, and I wouldn't know either why they would call that number.

Their dial plan routes all calls to their VoIP provider and only numbers starting with 9# to the PSTN line.

 

The SPA3102 is running the latest firmware (5.2.13, Feb-05-2012) and has a complex password of 14 characters, two of which are special characters.

The setup of the SPA3102 is unchanged since last year.

 

The network setup is <internet provider router> - <Apple AirPort Extreme> - <SPA3102>.

It worked flawlessly for two years. The router of my internet provider was in bridge mode.

Last week they set it to router mode again. To avoid having to forward ports on two routers, I set up the router of my internet provider to forward all traffic to the DMZ (the Apple AirPort Extreme).

And now we have this enormous phone bill!

 

Is it possible for someone who breaks into the network to use the SPA3102 to make a call? I thought you could only make a call from the connected phone and not from the network connection.

 

Please give me advice on these questions so I have some information to explain to my parents and the phone provider.

I think it is clear I compromised security, but what do I need to do to be sure it is safe again? The internet provider modem is back in bridge mode now.

 

Kind Regards,

 

Noud Klaver

The Netherlands

8 REPLIES
Gold

phone bill fraud with SPA3102.

Noud,

It is possible that someone was able to steal the account credentials and add them to another device to make the calls. Here is an article about toll fraud that may help to explain what happened:

http://insights.wired.com/profiles/blogs/toll-fraud-challenges-and-prevention-in-a-voip-environment#axzz2bEbMpPQj

- Marty

New Member

phone bill fraud with SPA3102.

Hi Marty,

Thank you for the article. I don't think it's only the credentials that were stolen. Their phone line was busy too when someone tried to call my parents. Their phone provider detected the fraud, but by then the bill had already reached over 700 euros (almost 1000 dollars).

I mostly wonder if it is possible to set up a call from within the Ethernet network through the SPA3102?

Or is it only possible to make calls through the connected phones?

Noud

Hall of Fame Super Gold

Re: phone bill fraud with SPA3102.

I mostly wonder if it is possible to set up a call from within the Ethernet network through the SPA3102?

Yes, it is possible. There are many free open source VoIP systems, like Asterisk.

But the important bit of information is the username/password.


Talk to the VSP and ask them how many characters the voice authentication server will accept, and generate a strong password.

New Member

Re: phone bill fraud with SPA3102.

I'm pretty sure it's not the admin account that was hacked. That has a strong password and nothing in the setup has changed.

I talked to the VSP and they say it is PABX hacking. I believe them, but what do I have to change in the SPA3102 so that it will only accept calls from the phone line and block all requests for calls that come from the Ethernet connection?

Hall of Fame Super Gold

Re: phone bill fraud with SPA3102.

in the SPA3102 so that it will only accept calls from the phone line and block all requests for calls that come from the Ethernet connection?

You mean allow only incoming calls from POTS and disable all VoIP? I don't think it is possible for anyone to determine if an incoming call is POTS or VoIP.

Ask the VSP WHERE the hack was directed at. Was the hack directed at your SPA3102 or what? How was the hack done?

I mean, did the perpetrators use another VoIP system and log in somewhere else? If this is the case, then there's nothing you can do about it but contest any future bills that arise.

I'm pretty sure it's not the admin account that was hacked. That has a strong password and nothing in the setup has changed.

Just to make sure, generate a new set of passwords. Your current password may have already been compromised.

You could also upgrade the firmware of your SPA.

New Member

Re: phone bill fraud with SPA3102.

While not being familiar with this device, I offer analogous advice from the Obihai forum for the OBi110/OBi202. Those devices have a field to limit contact to a whitelist of IP addresses. Additionally, creative use of the dial plan constrains dial requests to the registered username.

Are there such configuration options on your device?

Or could your setup constrain contact to the device in another way?
New Member

Re: phone bill fraud with SPA3102.

I found the problem. Thanks to all who tried to help.

In the PSTN line settings there is an option to disable the VoIP-to-PSTN gateway!!

This was enabled and there were no PIN codes. Also, the ports were forwarded in the router.

I removed the forwarded ports from the router, so now it is not possible anymore to reach the SPA from the internet (incoming calls come from the PSTN line).

And I disabled the VoIP-to-PSTN gateway. Big mistake from me that was very costly, but now it is secure again (I hope).
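The fix above rests on two things: the VoIP-to-PSTN gateway is off, and the device is no longer reachable from the internet on its SIP ports. The second one is worth verifying from outside rather than assuming. The script below is an added example, not code from this thread or from Cisco: it sends a single SIP OPTIONS request (RFC 3261) to a host and port and reports whether anything answers. Run it from a machine outside the home network (a VPS, a phone on mobile data) against the public IP on UDP 5060 and 5061 (the SPA3102's default ports for Line 1 and the PSTN line); a timeout is the result you want after removing the DMZ/port forward, and any SIP reply means the device would also see INVITEs. To make it runnable offline it includes a loopback stand-in that answers with a constructed reply; the `Server: example-ata/1.0` string in that reply is an assumption for the demo, not output captured from a real SPA3102.

```python
"""Probe a host for a reachable SIP/UDP port with an OPTIONS request.

Added example for the SPA3102 thread; not the device's own code. Any parsed
reply means the SIP stack is reachable from where you run this.
"""
import socket
import threading
import uuid

SIP_PORT = 5060  # SPA3102 default for Line 1; the PSTN line defaults to 5061


def build_options(target_host, target_port, local_host, local_port):
    """Return a minimal, well-formed SIP OPTIONS request as bytes."""
    lines = [
        f"OPTIONS sip:{target_host}:{target_port} SIP/2.0",
        f"Via: SIP/2.0/UDP {local_host}:{local_port};branch=z9hG4bK{uuid.uuid4().hex[:16]};rport",
        "Max-Forwards: 70",
        f"From: <sip:probe@{local_host}>;tag={uuid.uuid4().hex[:8]}",
        f"To: <sip:{target_host}:{target_port}>",
        f"Call-ID: {uuid.uuid4().hex}@{local_host}",
        "CSeq: 1 OPTIONS",
        f"Contact: <sip:probe@{local_host}:{local_port}>",
        "Accept: application/sdp",
        "Content-Length: 0",
        "",
        "",
    ]
    return "\r\n".join(lines).encode()


def parse_sip_response(raw):
    """Parse status line + headers of a SIP response; None if it is not one."""
    head = raw.decode(errors="replace").split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("SIP/2.0") or not parts[1].isdigit():
        return None
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return {"status": int(parts[1]), "reason": parts[2] if len(parts) > 2 else "", "headers": headers}


def probe_sip(host, port=SIP_PORT, timeout=2.0):
    """Send one OPTIONS to host:port; return the parsed reply, or None on no answer.

    None covers timeout (filtered), ICMP port-unreachable (closed) and non-SIP data.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))  # UDP connect sends nothing; it fixes the local address
        local_host, local_port = sock.getsockname()[:2]
        sock.send(build_options(host, port, local_host, local_port))
        data = sock.recv(4096)
    except OSError:  # socket.timeout and ConnectionRefusedError are both OSError
        return None
    finally:
        sock.close()
    return parse_sip_response(data)


# Constructed reply in the shape of an ATA's OPTIONS answer (Server value is an assumption).
SAMPLE_REPLY = (
    "SIP/2.0 200 OK\r\n"
    "Via: SIP/2.0/UDP 127.0.0.1:5060;branch=z9hG4bKdemo;rport\r\n"
    "From: <sip:probe@127.0.0.1>;tag=demo\r\n"
    "To: <sip:127.0.0.1>;tag=abcd\r\n"
    "Call-ID: demo@127.0.0.1\r\n"
    "CSeq: 1 OPTIONS\r\n"
    "Server: example-ata/1.0\r\n"
    "Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER\r\n"
    "Content-Length: 0\r\n\r\n"
).encode()


def start_fake_ata(reply=SAMPLE_REPLY):
    """Loopback stand-in for an exposed ATA: answers the first datagram; returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    srv.settimeout(5)

    def serve():
        try:
            _, peer = srv.recvfrom(4096)
            srv.sendto(reply, peer)
        except OSError:
            pass
        finally:
            srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def verdict(result):
    """Turn probe_sip()'s return value into a one-line verdict."""
    if result is None:
        return "no SIP reply: port filtered/closed (what you want after removing the forward)"
    return f"EXPOSED: SIP {result['status']} {result['reason']} from {result['headers'].get('server', '?')}"


if __name__ == "__main__":
    print(verdict(probe_sip("127.0.0.1", start_fake_ata())))   # reachable stand-in
    print(verdict(probe_sip("127.0.0.1", 1, timeout=0.5)))     # nothing listening
```

Replace `127.0.0.1` with the public IP and the port with 5060 and 5061 for the real check. A reply from the public address after the port forward was removed would mean the ISP router still has a DMZ or UPnP mapping pointing at the SPA; that mapping is the thing to remove, independent of the VoIP-to-PSTN gateway setting.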

VIP Gold

Re: phone bill fraud with SPA3102.

Big mistake from me

We arranged a bill limit with our upstream operator. It's set to about 400% of our usual bill. It is the telco's responsibility to block the line if the current fee goes over the limit. We will in no case pay the fee above the limit.

Future experiences may be costly, but they should not be very costly if you can ask the telco for such a service. Because nobody's perfect.
