Topic 'Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99' in forum 'VOIP Tech Chat' - dslreports.com

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Sat, 14 Apr 2012 10:12:23 EDT

mazilo posted :

said by MichiganTel :

OBi110 Beta Testers

What that means is that long ago, back in the days when the only OBi device was the OBi110, he signed up to be a beta tester for new firmware. As did I, and a few other people. Now I don't know about him, but when I signed up, my understanding was that from time to time Obihai might push some beta firmware to my device, and that by signing up as a beta tester, I had given them permission to do so!

Now perhaps RonR forget that he signed up for that, but that would certainly help explain why the Obihai folks just might think it was okay to push firmware to his device. I know he's claiming they could do that without Auto Provisioning being enabled, but he's the only one I've seen make that claim, and until someone else proves this possible I've very skeptical, but even if they can, it may be because he signed up to be a beta tester. Anyway, I just found it interesting that in all this time he's been spreading all this FUD, he's neglected to mention that he's a registered beta tester.

Indeed that it was interesting and I am really glad to know. Thank you for sharing such useful information. ;)

Nevertheless, what you have said above clearly proves OBiHai has insidiously planted some backdoors to any OBi-1x0 device. According to what you said above, the fact that RonR had signed up as a firmware beta tester gives the right for OBiHai to send him the firmware by any means as stated in the agreement, i.e. e-mail, download, and/or even to directly push the firmware to the device. However, since the device had been configured not to contact OBiHai servers and with firmware upgrade disabled, OBiHai attempts to push the firmware upgrade to the device should fail because OBiHai server won't have the IP Address of the device and the device is set not to accept any firmware upgrade. The fact that it did not fail really shows that OBiHai server knew the IP Address of the device, had managed to contact and to make some connections (which it shouldn't have due to the device settings), and to take control of the device as well as to push the firmware upgrade. Such unwanted connections are what I called connections through backdoors. AFAIC, OBiHai has a good intention on this. However, when left open, such backdoors really pose security threats. We all know OS companies, i.e. Apple, Linux, MS, etc., work really hard trying to make sure their OSes do not contain any backdoors. If some backdoors are found, chances are they will promptly address the issue (except this one :D) to close the backdoors. I am sure crackers out there will not mind to take advantages and to exploit such backdoors in order to gain access to the device.

One other thing he's not mentioning is that things such as your Google Voice credentials are stored on the device, but they are NOT stored in the OBiTALK portal (if you change the password from the within portal it is stored briefly but then discarded after it's sent to your device).

I believe we all would like to believe that. The fact is RonR had configured his OBi-1x0 device not to contact any OBiHai server with firmware upgrade feature disabled, OBiHai was still able to access his device to perform some firmware upgrades. If OBiHai did this, what makes you think OBiHai does NOT store one's GV credentials in its system when using its OBiTALK portal services?

My understanding is that account passwords are never sent from the device to Obihai.

We valued your opinion. However, we really don't know.

NOW I'm done.

Perhaps not. ;)
--
don't and stop are the ONLY two 4-letter words considered offensive to men, but not when used together.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Sat, 14 Apr 2012 00:08:13 EDT

anon posted : I know I said I was through but I just realized something that's not been brought up in this discussion. RonR keeps acting so shocked that Obihai could push firmware to his device, and I wondered if that was his imagination or if something else was going on.

Then I happened to be on the OBiTALK forum and saw one of RonR's posts. Guess what's underneath his name? Go look for yourself; finding one of his posts shouldn't be difficult because there are so doggone many. Anyway, here's what it says:

OBi110 Beta Testers

What that means is that long ago, back in the days when the only OBi device was the OBi110, he signed up to be a beta tester for new firmware. As did I, and a few other people. Now I don't know about him, but when I signed up, my understanding was that from time to time Obihai might push some beta firmware to my device, and that by signing up as a beta tester, I had given them permission to do so!

Now perhaps RonR forget that he signed up for that, but that would certainly help explain why the Obihai folks just might think it was okay to push firmware to his device. I know he's claiming they could do that without Auto Provisioning being enabled, but he's the only one I've seen make that claim, and until someone else proves this possible I've very skeptical, but even if they can, it may be because he signed up to be a beta tester. Anyway, I just found it interesting that in all this time he's been spreading all this FUD, he's neglected to mention that he's a registered beta tester.

One other thing he's not mentioning is that things such as your Google Voice credentials are stored on the device, but they are NOT stored in the OBiTALK portal (if you change the password from the within portal it is stored briefly but then discarded after it's sent to your device). My understanding is that account passwords are never sent from the device to Obihai. On the other hand, I have always advised people to open a separate Gmail account for use with Google Voice, and not tie their Google Voice number to their main Gmail account, not only for security reasons but also because while you are logged into Gmail's web portal then incoming calls may not be sent to your Obihai device. So if you are in the habit of reading your e-mail in your web browser, you definitely want to create an additional Gmail account just to use for Google Voice.

NOW I'm done.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 23:37:12 EDT

anon posted : bbbc: Sorry, I did not test the T.38 functionality because I don't have a need to send faxes, and I only have my device connected to Google Voice and to an Asterisk server (no commercial providers). To be honest I don't even know if our Asterisk server supports T.38 because I've simply never had a reason to use it!

I know there are some businesses out there that still use faxes, but I'm just not interacting with any of them.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 23:07:31 EDT

RonR posted :

said by rblizz:

Even if/though OBihai has complete access to your ATA, what are they going to do with that access?

This discussion first arose in the Obihai forum (and I believe here also) in the context of security with regard to the SIP and Google Voice credentials (usernames and passwords) that are stored in the OBi. Google Voice credentials are typically the same as one's Gmail account, so the obvious concern. With the credentials for a user's SIP account, someone could potentially run up excessive phone charges on the user's account.

I was shocked when I discovered that Obihai could read the contents of my OBi and make changes to it after I had disabled the settings (Auto Provisioning) one would have expected to prevent such access. This occurs without the OBi being listed with or connected to the OBiTALK Web Portal.

I've never accused Obihai of being up to anything unscrupulous and I'm not aware of any suspicions of abuse. The problem is, with such capability available and undisclosed, a number of possibilities for abuse are possible:

- A rogue employee could harvest user's information without their knowledge.

- Obihai's system could be hacked, allowing access to user's information without their knowledge.

- The protocol supporting this capability could be hacked, allowing access to user's information without their knowledge.

My experience has not involved any malicious intent, although it's been quite annoying on several occasions to have firmware updates pushed unexpectedly (while Auto Firmware Update was set to Disabled) before I was prepared to receive them.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 22:38:33 EDT

bbbc posted : @MichiganTel Maybe I missed it in your thorough review, but did you test the T.38 functionality with a VoIP provider like Callcentric (that supports T.38 )?

--
Consumerist.com | Consumers Union

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 22:01:52 EDT

PX Eliezer posted :

said by rblizz:

Even if/though OBihai has complete access to your ATA, what are they going to do with that access? It's not like they can use it as a backdoor to your computer -- or is it?

As I understand it, mazilo's concern is that such a backdoor could be misused by someone else (a hacker or a cracker).

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 21:45:15 EDT

rblizz posted :

said by RonR:

I guess I missed the part where I was agreeing to allow total access and control by Obihai when I purchased their product.

Here's the thing I don't quite get. Even if/though OBihai has complete access to your ATA, what are they going to do with that access? It's not like they can use it as a backdoor to your computer -- or is it? Admittedly I don't know much about this, but my only concern (in my current state of ignorance) would be that they try to lock me out of my ATA, but I haven't seen anyone complain about that. But, again, I don't know that much about the whole process. I'm just trying to figure out why it's a big deal.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 21:39:02 EDT

rblizz posted :

said by PX Eliezer:

1) Review of the Obi-202
»voxilla.com/2012/04/13/obi202-vo···orth-it/

I wonder if there will ever be an "OBi-220" with the FXO port.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 20:42:55 EDT

PX Eliezer posted :

1) Review of the Obi-202
»voxilla.com/2012/04/13/obi202-vo···orth-it/

2) The whole backdoor controversy reminds me of another forum member (who has since passed away :( ) who was very knowledgeable and was often talking about undesirable changes that he felt MagicJack devices were making on customer PC's. People debated this back and forth endlessly but in the end this is as much about lines of belief as about lines of code.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 20:38:32 EDT

mazilo posted :

said by Mango:

If you want to write for me a list of specific conditions you want me to perform the test under, I would be glad to do that, if you would consider the results of my test to conclusively prove RonR's claims, and let the subject drop completely, if he is incorrect.

What I really wanna see is if any OBi-1x0 owners can replicate the result posted by RonR as shown in this post. This means it involves fail attempt(s) by an OBiHai tech/rep trying to reach the OBi-1x0 device given ONLY the unit's OBiTALK number while the device will be subjected to the configuration described by RonR in the above link. In other words, I am hoping any OBi-1x0 owners can prove and/or disprove claim by RonR.

When I see all these, I will be more than happy to include both your results and the post from RonR in my future post so that new comers will be better informed.
--
don't and stop are the ONLY two 4-letter words considered offensive to men, but not when used together.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 20:31:56 EDT

anon posted : I'm not sure why the previous message was headed "reply to DaveSin", because it wasn't - it was a general reply to the thread.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 20:29:53 EDT

RonR posted : I think you're totally missing the issue.

said by Mango:

But, every VoIP provider encourages you to connect your device to them and never disconnect it.

If you connect your PAP2 or OBi to Callcentric and Anveo, are you telling me you expect them to be able to peer at the entire contents of your ATA, make configuration changes to it, and update the firmware in it even though you have a strong Admin password set along with Provision Enable and Upgrade Enable set to NO?

said by Mango:

For the record, when I set up my OBi, I read and understood their documentation perfectly.

I guess I missed the part where I was agreeing to allow total access and control by Obihai when I purchased their product.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 20:29:28 EDT

anon posted : I'm just going to add this and then I'm finished in this thread, because you can only say so much without it becoming redundant.

RonR has a long and checkered history in the Obitalk forum. But for some reason, he treats it as his calling in life to play the role of "guru" there. I personally think it's really sad that he apparently has nothing else to occupy his time, but he has helped a lot of people and many of them are quite appreciative. However, he's been on this vendetta against the OBiTALK portal, and my suspicion is that it's because it allows many people to set up their OBi devices without his help. Even though on average he posts around 15 times a day in the OBiTALK forum, give or take a little, perhaps that's not enough for him, and for some reason he wants all Obihai users to have to come to him for advice, and the existence of the portal is somehow a threat to him. I don't know that, but I honestly can't think of any other reason why he's been on this anti-portal kick.

I think what we are seeing here is part of that. He's trying to spread FUD about the portal and about letting Obihai connect to your device. Never mind that they only do this to deliver advertised services, and never mind that there is a way to disable the interaction with Obihai's servers, RonR will try his darndest to paint the OBiTALK portal as the essence of evil. This despite the fact that there is no documented evidence that Obihai has ever done anything that would compromise a user's security.

To put this in perspective, what RonR would have you do would be the be like buying a Boxee box and then never letting it connect to Boxee's servers, or buying an XBOX and never letting it connect to Microsoft. Sure, you can do that, but you are going to lose some functionality. With an Obihai device, you will lose the ability to configure your device from a remote location using the OBiTALK portal, you will lose the ability to use the OBiTALK network to place calls, you will find it more difficult to apply firmware updates (which often add new features and/or fix bugs), and if you have a problem or an issue Obihai support may have a much more difficult time diagnosing your problem, which will probably mean you go to the bottom of the list. And you lose the ability to use the configurations built into the portal that allow quick and easy setup of Google Voice accounts and many other types of Service Provider accounts, which are especially helpful to new users. If you are willing to accept that then fine, you can disable access to Obihai's servers.

There was one thing about RonR's post that I really thought was a case of someone who lives in a glass house throwing stones. He concluded with:

The result of all this is that the typical unsuspecting user is actually lured into opening the backdoor instead of being advised of its existence and given the choice of making his own security decisions.

But that is EXACTLY what RonR does, but in reverse, on the OBiTALK forums. When a new user asks for help, very often as part of RonR's instructions for resolving their problem, he tells them to disable access to the OBiTALK portal without explaining why, and without explaining that it's not necessary to do that to resolve their issue (they could make the same changes using the OBi Expert Configuration section of the OBiTALK portal and it would work just fine). He's not about user choice, he's about getting people (and especially new users) to avoid the OBiTALK portal, WITHOUT explaining the pros and cons of doing so.

I personally don't have any issue with someone avoiding the OBiTALK portal if they understand what they are giving up and make a conscious decision to do it anyway. I have a big problem with RonR telling people (and especially new users) to disable the portal when whatever problem they are requesting help on (usually a dial plan issue) has nothing to do with the portal, and then coming in here and acting as if Obihai is doing something wrong by not giving new users some kind of disclosure that most wouldn't understand anyway (remember, many Obihai buyers are not nearly as experienced as those of us in this forum). And whether RonR likes it or not, the fact is that most inexperienced users are going to appreciate the simplicity of using the OBiTALK portal to configure their device, because it makes configuration a relatively painless process (in fact it's usually harder to configure Google Voice than the Obihai device).

If you truly fear that Obihai is going to do something horrible if they are able to access your device, despite the fact that no one has ever reported anything like this actually happening, then you could follow the instructions in the message I linked to in my previous post in this thread and disable Obihai's access to your device. If you don't want Obihai to actually be able to fix problems that you report to them, then disable their access.

I find RonR's claim that "countless users" have seen Obihai take "full access and control of their OBi", "without any assistance or cooperation whatsoever from the user, and without any obvious way to prevent it" downright ridiculous. If "countless users" were upset about that, the Obihai forum would be FULL or such complaints, and this forum probably would also. Yet I've never seen ONE such complaint apart from RonR's (there may have been more, but certainly not the flood of complaints that RonR's post implies). The truth is that if you report an issue and it requires a tweak in the firmware to fix it, AND you are using the OBiTALK portal, then Obihai might in rare cases push a beta firmware to your device to see if it fixes the problem (usually it does, in my experience) and that could take your OBi offline for a minute or so (maybe a bit longer with an OBi202). But they would only do that in an attempt to fix an issue that you have reported. Now, personally, I think that's a good thing - imagine, a company that actually tries to fix issues reported by customers - yet RonR would have you believe it's the root of all evil. I should also note that in my experience, the OBi will never apply a firmware update, or even a configuration update (that you have made using the OBiTALK portal) while you are in the middle of a call.

My point is that RonR is making totally unsubstantiated and even ridiculous claims, all to further his own twisted agenda of steering people away from the OBiTALK portal. Apparently he doesn't even care if he hurts Obihai's sales, as long as he can advance his agenda, and as I said, my suspicion is that the real reason he doesn't like the portal is because it reduces users' reliance on him as the all-knowing guru of everything Obihai.

I do understand that some people in this particular forum probably feel that Obihai should give some expanded explanation of pros and cons of using the OBiTALK portal to new users. But please remember that most buyers probably are not as technically astute as this crowd. If they buy an OBi device, they want to be able to configure it (usually to work with Google Voice) as easily as possible. If they have an issue and write to Obihai support, they want Obihai to be able to fix it, without being asked to provide a bunch of technical information they don't understand. The Obihai devices are literally the first VoIP devices that your non-techie mom or dad would have any chance of getting up and running without your assistance. If RonR had his way, they'd need a "guru" (like him?) to do these configuration tasks.

Now, having written this much-too-long tome (I'm just waiting to see who will be the first to quote that line and say "I agree!"), I'm going to bow out of this discussion. There are those who will never be convinced that Obihai is not up to something, and I don't know what else I could say that would placate them. But to everyone else I would say, when you actually hear of this connection to Obihai's servers being used in some manner you'd disapprove of, then would be the time to raise the alarm. But to do so prematurely kind of puts you in the position of "the boy who cried 'wolf'", when there was actually nothing to see.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 18:35:16 EDT

Mango posted : DogFace05 does not (as far as I'm aware) sell VoIP services. So no, he doesn't. But, every VoIP provider encourages you to connect your device to them and never disconnect it.

You can of course block any VoIP provider or OBiTALK from accessing your device, by discontinuing use of their services.

For the record, when I set up my OBi, I read and understood their documentation perfectly.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 17:57:09 EDT

RonR posted :

said by Trev:

said by RonR:

Can someone read the entire contents of your Linksys ATA's and other devices, make configuration changes to them, update the firmware in them, etc. even though you've set very strong administrator passwords in the device itself (and nowhere else) and don't wish these accesses to occur?

I'd put money on yes. DogFace05 seems to have some tricks up his sleeve with the Linksys ATAs.

But does DogFace05 aggressively encourage users to connect a device to his service and never disconnect it, without informing you that by doing so, he will total access to and control over your device and you will have no way of preventing it?

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 17:34:01 EDT

Trev posted :

said by RonR:

I'd put money on yes. DogFace05 seems to have some tricks up his sleeve with the Linksys ATAs.
--
Wondering what I do? Find out at »www.digitalcon.ca

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 17:29:18 EDT

RonR posted :

said by Mango:

Of course, the Linksys family of ATAs can also be accessed remotely, if not placed behind a firewall. As can every other device I own, that can be connected to the Internet.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 16:45:20 EDT

Mango posted :

said by RonR:

It's entirely possible that my failures to prevent unexpected accesses to my OBi by Obihai were the result of a persistent and/or static IP address and/or the absence of a NAT-based router

That definitely would explain things.

Of course, the Linksys family of ATAs can also be accessed remotely, if not placed behind a firewall. As can every other device I own, that can be connected to the Internet.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 15:29:11 EDT

RonR posted : It's entirely possible that my failures to prevent unexpected accesses to my OBi by Obihai were the result of a persistent and/or static IP address and/or the absence of a NAT-based router, as I have a number of OBi's in service, some of which fall into one or more of those categories. However, I don't believe the actual cause should be the focus of concern. As countless users have experienced after reporting a problem to Obihai, full access and control of their OBi can be taken over by Obihai without any assistance or cooperation whatsoever from the user, and without any obvious way to prevent it.

Obihai products are delivered with Auto Provisioning and the OBiTALK Service enabled by default. The setup instructions emphasize connecting the device to the OBiTALK Web Portal, to the point that most new users think it's a requirement. Obihai strongly discourages any user from removing the device from the OBiTALK Web Portal, or disabling Auto Provisioning and manually configuring the device, emphasizing there's no need to and inferring that by doing so, some of the capabilities of the device will be disabled. Several of the selling points of the device, such as linking multiple OBi's and smart phones using OBiON applications, rely on the OBiTALK Service being enabled, so a user is not likely to consider disabling it.

The result of all this is that the typical unsuspecting user is actually lured into opening the backdoor instead of being advised of its existence and given the choice of making his own security decisions.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 15:23:07 EDT

Trev posted : Windows certainly doesn't have any backdoors, which could do much more damage to your privacy and security than a measly little ATA... :p

If you protect your Windows, just protect your OBi the same way, and it's irrelevant what kind of security flaws it may have.

By the way, my girlfriend looks at me funny any time she hears me explaining how an o.b. can provide phone service. She thinks they're only good for plugging leaks :)
--
Wondering what I do? Find out at »www.digitalcon.ca

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 15:14:55 EDT

borntochill posted :

said by gerick:

said by Mango:

I could do that. I have an OBi110 with OBiTALK Service, provisioning, and firmware update disabled. It isn't added to the OBiTALK Web Portal. I could load Wireshark on a laptop, connect everything with a hub, and leave it for a week. Then I could filter my VoIP provider's IP address out of the results and inspect them. If there is any communication with Obihai, it should be trivial to see.

Mazilo, would that be an acceptable method of testing for you?

That only proves that the backdoor is not being accessed. It doesn't prove that the backdoor doesn't exist. :D

(Note: I own an OBi100 and am very happy with it.)

True. We can't disprove the existence of an Obi backdoor, just like we can't disprove the existence of the Invisible Spaghetti Monster. I shall accept the risk of an unproven backdoor just as I accept the risk that I will face an eternal damnation of being pelted with meatballs in the afterlife for my lack of fealty to the ISM.

Edit: an Obi202 is on its way to me from Amazon.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 12:12:03 EDT

Mango posted : If you want to write for me a list of specific conditions you want me to perform the test under, I would be glad to do that, if you would consider the results of my test to conclusively prove RonR's claims, and let the subject drop completely, if he is incorrect.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 12:09:39 EDT

gweidenh posted :

said by mazilo:

said by gweidenh:

Translation:

Nothing you do will prove RonR wrong.

That's your translation and can be proven right or wrong.

Translation:

I don't even know what I am saying anymore.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 12:08:18 EDT

mazilo posted :

said by gweidenh:

Translation:

Nothing you do will prove RonR wrong.

That's your translation and can be proven right or wrong.
--
don't and stop are the ONLY two 4-letter words considered offensive to men, but not when used together.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 12:04:51 EDT

gweidenh posted : Translation:

Nothing you do will prove RonR wrong.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 12:01:15 EDT

mazilo posted :

said by Mango:

The point of such an exercise, if the results were as I anticipate, is to prove the post you keep referencing is not correct. (Or, alternately, that I am wrong and it IS correct.)

Let me ask you this: what would you consider an appropriate resolution to this issue, that would make you agree that such a "backdoor" does not exist?

Mango, it is not what I have agreed or disagreed. However, if done correctly, it will prove or disprove such backdoors claimed by RonR and not me. The term correctly in this context is exactly done by RonR to discover the backdoor issues. Otherwise, we will be trying to prove two different situations that may and/or may not yield the same results. If the results differ, this still doesn't mean what RonR claimed is wrong. If your results affirm to what RonR said, then at least we can prove the existence of backdoors with more than one approach. This way, at least we can straighten out the issues for posterity shake.
--
don't and stop are the ONLY two 4-letter words considered offensive to men, but not when used together.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 11:50:41 EDT

JoeSchmoe007 posted :

said by Mango:

I don't have a horse in this race but let's be realistic: if we are talking about REAL proof no amount of traffic monitoring can prove backdoor doesn't exist. All traffic monitoring can prove that device haven't tried to call home within the period when it was monitored.

The only way it can be proved is if the complete source for the firmware is released, inspected LINE BY LINE by the third party and compiled to make sure this is the same binary as used on devices. But even then (I am speculating because I am not a hardware engineer) compiled firmware can make some function calls to the other code residing on hardware chips that cannot be easily inspected.

So in a nutshell the fact of proving something doesn't exist is often more complicated that proving something does exist. DUH!

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 11:42:10 EDT

Mango posted : The point of such an exercise, if the results were as I anticipate, is to prove the post you keep referencing is not correct. (Or, alternately, that I am wrong and it IS correct.)

Let me ask you this: what would you consider an appropriate resolution to this issue, that would make you agree that such a "backdoor" does not exist?

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 11:34:54 EDT

mazilo posted :

said by Mango:

Mazilo, I have a serious question for you. What makes you believe a single user's anecdote and take a stand for this issue in front of the whole forum?

In case you ask what makes me disbelieve it, the answer is that I tried to reproduce the behaviour and failed.

If you read ths post, RonR clearly indicated his device got compromised even all the features related to provisions, etc., were disabled. To me, this is a serious issue, especially everyone here seemed to take it lightly.

In your post above, you volunteered to investigate the backdoor issues and I mostly welcome that. This way, in the future whenever I reference this post RonR, I will include a reference to your post that will show the results.
--
don't and stop are the ONLY two 4-letter words considered offensive to men, but not when used together.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 11:15:39 EDT

mazilo posted :

said by DaveSin:

said by mazilo:

However, what worries me is having the backdoors open awaiting crackers out there to exploit, especially if the device is used with paid GV services using real ID.

Let's be practical here. With the OBi1x0 on the Market for well over a year and half and with many many thousands of units deployed all over the world, I have yet to hear of a single case of these device being "hacked" or compromise in any way, shape or form.

I am glad you quoted my post to show that I never claimed an OBi-1x0 device got cracked. BTW, this link really indicated an OBi-1x0 device got compromised without a consent of its owner.

What does that tell you Mazillo? I let you form your own conclusions!

My conclusion is your remarks above don't tell me any thing at all.
--
don't and stop are the ONLY two 4-letter words considered offensive to men, but not when used together.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 11:06:29 EDT

mazilo posted :

said by toro:

said by mazilo:

This post clearly indicates an OBi-1x0 was remotely accessed by an OBHai without the consent of the owner when it was configured to not let outsider to poke in.

And once again you make a claim based on someone else's experience.

That is RonR claim and I merely pass it along to inform and educate readers here of such backdoor issues.

Other forum users have reported right here on the forum that the Obihai access can be disabled.

I don't dispute that. I also did not dispute about this post.

I don't see a problem warning people that the provisioning on the device is turned on by default in order to allow the device to be configured through the Obihai portal (this is what you call the backdoor) but you should not make any further claims without any experience with the device and without trying yourself to turn off all the provisioning and verifying whether the device still communicates with the Obihai network or not.

I know what you meant. However, when it comes down to a backdoor issue, it concerns me a lot because I just hate to see any victims out there gets exploited by something that can be prevented.
--
don't and stop are the ONLY two 4-letter words considered offensive to men, but not when used together.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 10:19:28 EDT

Mango posted : Not necessarily. In order to access my ATA, Obihai has to know where it is, i.e., what my IP address is. That's not to mention the issues associated with accessing any device that is behind NAT, with no port forwarding or DMZ.

In order for anyone to access my device, there has to be some sort of communication originating from it.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 10:08:44 EDT

gerick posted :

said by Mango:

That only proves that the backdoor is not being accessed. It doesn't prove that the backdoor doesn't exist. :D

(Note: I own an OBi100 and am very happy with it.)

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 09:48:33 EDT

Mango posted :

said by MichiganTel :

I once suggested maybe you should obtain an Obihai and do some objective testing using Wireshark or some similar tool

I could do that. I have an OBi110 with OBiTALK Service, provisioning, and firmware update disabled. It isn't added to the OBiTALK Web Portal. I could load Wireshark on a laptop, connect everything with a hub, and leave it for a week. Then I could filter my VoIP provider's IP address out of the results and inspect them. If there is any communication with Obihai, it should be trivial to see.

Edit: I'll also obtain a new public IP address from my ISP.

Though I am very confident in MichiganTel's honesty, for the record, I was given no such free OBi device ;)

Mazilo, would that be an acceptable method of testing for you?

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 09:29:37 EDT

anon posted : mazilo, once again, the post you cited comes from one guy with an axe to grind. If you want to try and impute motives to people, why do you not notice that the guy who posted that is far and away the most prolific poster in the Obihai forums and tries to come off as some kind of high and mighty expert there, but then he comes here and badmouths Obihai and makes totally unproven accusations, which are NOT supported by any objective evidence. The reason I say he has an axe to grind is that he apparently just hates the OBiTALK portal and for some reason tries his hardest to discourage anyone else from using it. It's simply a matter of someone trying to impose his personal preferences on everyone else, but the way he's gone about it makes me think he's a backstabber (just my opinion), and frankly I don't know why the Obihai people allow him to monopolize their forums. Well, actually I do - he's one of the few people that seems to fully grasp Obihai dial plans, and in that regard he has helped a lot of people. I just don't know if that alone makes it worth putting up with all the other B.S. he dishes out, such as what we're discussing here.

If there were any PROVEN "backdoor issues" I would be the first to say they should be disclosed to potential buyers. The fact is that there aren't any. I once suggested maybe you should obtain an Obihai and do some objective testing using Wireshark or some similar tool, so you could actually speak from an informed position rather than simply repeating someone else's B.S., and you made it pretty clear to me that you had no interest in buying an Obihai (which makes me wonder why you're so obsessed with this supposed "back door").

Finally, just because I have not registered on this forum doesn't make me totally "anonymous" - my blog is at michigantelephone.wordpress.com and my contact e-mail address is shown on the blog page. I understand your desire to resort to an "ad hominem" attack when you have no factual information to support your position, but it's not as though I'm trying to conceal anything (that's the reason I included my disclosure). If I didn't honestly believe that Obihai has a superior product, or if I really believed that there was anything to this "back door" stuff, I'd probably just not post anything at all. But you can't pay me enough to shill or lie for a company (and certainly a few free devices wouldn't do it). My only motivation for "protecting Obihai" would be to point out when someone is making baseless (and untrue) allegations based solely on the word of someone who I consider untrustworthy in the first place. I actually LIKE the Obihai devices - they may not be "perfect" but they sure work a lot better than anything I've used in the past, and are far more configurable. And for those who use Google Voice, they connect far more reliably than Asterisk (don't even get me started on that).

And if I were secretly working for Obihai in some capacity, I probably wouldn't be saying anything about the guy who made the post that you love to link to, because they seem to tolerate him. I don't know how, but they do. If I were going to say anything bad about Obihai, it would be that they allow one person to monopolize their forums. But, that's their decision to make, not mine.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 09:06:59 EDT

Mango posted : Mazilo, I have a serious question for you. What makes you believe a single user's anecdote and take a stand for this issue in front of the whole forum?

In case you ask what makes me disbelieve it, the answer is that I tried to reproduce the behaviour and failed.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 08:38:06 EDT

DaveSin posted :

said by mazilo:

However, what worries me is having the backdoors open awaiting crackers out there to exploit, especially if the device is used with paid GV services using real ID.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 08:36:13 EDT

mazilo posted :

said by MichiganTel :

Unfortunately, certain people have an unhealthy paranoia (and a lot of unproven accusations, mostly fomented by one guy who in my opinion is not a credible source because he has an axe to grind). However, my post tells you exactly how to disable the so-called "back door" should you choose to do so, and no one has ever proven that taking those simple steps does not disable whatever it is they are worried about.

No one disputes that the device comes with some built-in features to disable backdoors. However, this post clearly indicated the device phoned home to allow OBiHai to come in with all those features disabled. You may disrespect and/or discredit a legitimate poster of such a post, but you posted here using an anonymous account.

At least one of the people who is expressing his fears in this forum has never even owned an Obihai device, and has indicated that he probably never will, so obviously he's never run any objective tests to back up his beliefs. He's entitled to buy or not buy whatever VoIP device he likes for whatever reason he likes, but that doesn't mean his fears are rational.

Whether one is concerned about the backdoor issue is not for me to judge. However, I believe readers here have the rights to know such backdoor issues.

The bottom line is that if you are the sort of person who won't let software auto-update because you are afraid the software company will put a trojan horse or virus on your machine, then you'll probably want to disable the features in the Obihai device that communicate with Obihai's servers (and that is easy to do).

It may be easily done. However, whether it is effective or not is another story and this post speaks for itself.

Full disclosure: I have received one of each of the three models of the Obihai devices (at no cost to me) for review purposes. But that's not why I'm posting this comment - I just hate to see baseless accusations against a product that I personally consider to be much more advanced than any similar competing product.

Now I know why you went all the way to protect OBiHai and it really makes sense!
--
don't and stop are the ONLY two 4-letter words considered offensive to men, but not when used together.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 08:25:50 EDT

toro posted :

said by mazilo:

This post clearly indicates an OBi-1x0 was remotely accessed by an OBHai without the consent of the owner when it was configured to not let outsider to poke in.

And once again you make a claim based on someone else's experience. Other forum users have reported right here on the forum that the Obihai access can be disabled.
I don't see a problem warning people that the provisioning on the device is turned on by default in order to allow the device to be configured through the Obihai portal (this is what you call the backdoor) but you should not make any further claims without any experience with the device and without trying yourself to turn off all the provisioning and verifying whether the device still communicates with the Obihai network or not.
--
Providers: voip.ms, freephoneline, smartcall.ro through asterisk. Hardware: Vonage VDV21, Moto VT2x42, Linksys SPA series, Grandstream HT series, Panasonic KX-TGP5x0
»www.voipfan.net

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 08:15:08 EDT

anon posted : rblizz, please keep in mind WHO is making the "back door" accusations. Then see my post here, where I attempted to address this issue with accurate information:

www.broadbandreports.com/forum/r27007692-

Unfortunately, certain people have an unhealthy paranoia (and a lot of unproven accusations, mostly fomented by one guy who in my opinion is not a credible source because he has an axe to grind). However, my post tells you exactly how to disable the so-called "back door" should you choose to do so, and no one has ever proven that taking those simple steps does not disable whatever it is they are worried about.

At least one of the people who is expressing his fears in this forum has never even owned an Obihai device, and has indicated that he probably never will, so obviously he's never run any objective tests to back up his beliefs. He's entitled to buy or not buy whatever VoIP device he likes for whatever reason he likes, but that doesn't mean his fears are rational.

The bottom line is that if you are the sort of person who won't let software auto-update because you are afraid the software company will put a trojan horse or virus on your machine, then you'll probably want to disable the features in the Obihai device that communicate with Obihai's servers (and that is easy to do). But for the majority of us who are not of the tinfoil hat crowd, there's nothing to see here.

Full disclosure: I have received one of each of the three models of the Obihai devices (at no cost to me) for review purposes. But that's not why I'm posting this comment - I just hate to see baseless accusations against a product that I personally consider to be much more advanced than any similar competing product.
___
First look at the Obihai OBi202 VoIP device:
is.gd/OBi202

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 08:09:10 EDT

mazilo posted :

said by toro:

said by mazilo:

The answer to your question varies from one individual to another. I personally won't waste my $$$ on any new products, particularly this one for a number of reasons. One reason, which is my main concern (YMMV), is whether OBiHai has planted some backdoors on this device as it does on all of its OBi-1x0 devices.

Ah, I remember it like yesterday when you used to recommend Obi-1x0 devices to everyone who was asking on the forum. And again you were doing it without any personal experience with them.

I do believe readers here need to be aware that OBiHai has insidiously planted backdoors on its OBi-1x0 devices and that doesn't mean it will and/or won't insidiously plan the same backdoors on its new devices for the same purposes. That is fine with me. However, what worries me is having the backdoors open awaiting crackers out there to exploit, especially if the device is used with paid GV services using real ID. This post clearly indicates an OBi-1x0 was remotely accessed by an OBHai without the consent of the owner when it was configured to not let outsider to poke in. As I mentioned before, one can always create some new GV accounts with fake ID to use free GV services on any OBi-1X0 device and this also applies to the new OBi device. So, it is safe to mention it here to educate readers about the backdoor planted by OBHai on its Obi-1x0 devices and nothing is wrong about. If you don't like that, just feel free to take a hike and nobody here will stop you. :p
--
don't and stop are the ONLY two 4-letter words considered offensive to men, but not when used together.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Fri, 13 Apr 2012 07:47:58 EDT

toro posted :

said by mazilo:

Ah, I remember it like yesterday when you used to recommend Obi-1x0 devices to everyone who was asking on the forum. And again you were doing it without any personal experience with them.
--
Providers: voip.ms, freephoneline, smartcall.ro through asterisk. Hardware: Vonage VDV21, Moto VT2x42, Linksys SPA series, Grandstream HT series, Panasonic KX-TGP5x0
»www.voipfan.net

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Thu, 12 Apr 2012 22:34:31 EDT

anon posted : What is the thruput speed when connected after a highspeed modem and before a router? As in Linksys SPA2102 the maximum download speed is limited to 7.3Mbs although when you have a 28Mbs HS subscription which was the drawback of that model however with the new SPA122 the reported speed is now 21Mbs.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Thu, 12 Apr 2012 21:13:55 EDT

JoeSchmoe007 posted :

said by PX Eliezer:

said by mazilo:

I gather the word you means the owner of the device and not anyone from OBiHai, right?

It actually hypnotizes you when you sleep using EM waves.

Then when the customer wakes up, they respond: "I hear and I Obi".

That is only if you purchase wireless dongle. If you don't - they still get you with blinking lights.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Thu, 12 Apr 2012 21:05:00 EDT

rblizz posted :

said by JoeSchmoe007:

Is it safe to become "early adopter" (I don't have Obi 1**)? I am OK with firmware upgrades but a bit concerned about possible hardware bugs in early version of the device. How was Obi 1** in that respect?

I'm never an "early adopter." Even the best companies often have issues when products first go into full production. OBi does have a good reputation, however -- though I'm still curious about why they have a back door (at least -- I'm told -- they have one in their older products and no one seems to dispute it).

I don't use Google Voice so that feature is not an attraction for me. I don't know what Google's plans are for GV and don't want to wonder every year what's going to happen in the future.

What does interest me is the wireless capabilities. I'm guessing it will require the special OBi USB wireless dongle. But, not having the best experience with these dongles, I'm wondering how powerful and reliable it will be. I understand why VoIP providers would be interested in the OBi202, it's an all in one solution, but the cheapskate in me would rather "do wireless" the way i already do it.

I've got an Asus WL-320gE that is powerful (range of 850 meters in open space), which I use as a client and wireless bridge (URE mode). The Ethernet port allows me to hook it up to a wired switch and we run two computers and the SPA2102 off of that. (Plus my wife's tablet, our cell phones and the kid's WiFi gaming counsels connect through it). The 2102 cost about $25 on eBay and the 320gE (new) costs $25 plus s/h. The switch is a generic Dynex and sold for $5 on clearance at Best Buy. At $25 the Asus WL-320gE costs less than a dongle -- still available on eBay. Last time I bought two I offered $20 each and the seller accepted the price ...

»www.ebay.com/itm/Asus-Wireless-A···3wt_1137

Be aware that the manual is this product's weakest link -- it's in "almost" English. You can read more about it at Asus' site (where the manual can be downloaded) ...

»usa.asus.com/Networks/Wireless_R···overview

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Thu, 12 Apr 2012 20:36:58 EDT

PX Eliezer posted :

said by mazilo:

I gather the word you means the owner of the device and not anyone from OBiHai, right?

It actually hypnotizes you when you sleep using EM waves.

Then when the customer wakes up, they respond: "I hear and I Obi".

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Thu, 12 Apr 2012 20:27:20 EDT

mazilo posted :

said by JoeSchmoe007:

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Thu, 12 Apr 2012 18:34:49 EDT

JoeSchmoe007 posted : Is it safe to become "early adopter" (I don't have Obi 1**)? I am OK with firmware upgrades but a bit concerned about possible hardware bugs in early version of the device. How was Obi 1** in that respect?

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Thu, 12 Apr 2012 16:16:28 EDT

mazilo posted :

said by wcweaver:

said by brg:

Mazilo -- we're going to have to chip in soon to buy you a tinfoil hat... ;)

(Edit: prompted by mango's comment -- which I read before it was withdrawn.)
:p

Heck, wearing a tinfoil hat is the only way I can get my VOIP to work properly! :D

Hush, you just revealed one of my projects. Cheers.

WOW, I just realized that I have been on this forum for over ten years, boy does time fly! :)

Those who are far from 10 years must envy you. ;)
--
don't and stop are the ONLY two 4-letter words considered offensive to men, but not when used together.

Re: OBi202 VoIP ATA w/Router, available from Amazon for $74.99

Thu, 12 Apr 2012 16:07:51 EDT

wcweaver posted :

said by brg:

Mazilo -- we're going to have to chip in soon to buy you a tinfoil hat... ;)

(Edit: prompted by mango's comment -- which I read before it was withdrawn.)
:p

Heck, wearing a tinfoil hat is the only way I can get my VOIP to work properly! :D

WOW, I just realized that I have been on this forum for over ten years, boy does time fly! :)