Marcus Adolfsson wrote:> Message
> Just a quick note to people looking for SIP firmware images for Cisco
> phones:
>
> To access these files from Cisco's website, you need to have a Service
> Contract (SmartNet) on at least on of your phones. I though a contract
> was several hundred dollars, but it is way cheaper! Their lowest
> level, 1 year Next Business Day 8x5 SmartNet program, costs around
> $70.00, and gives you unlimited access to the all SIP images (including
> the recently released v5.1).
>
i see from the cisco release note:
http://www.cisco.com/univercd/cc/td/doc/product/voice/c_ipphon/english/ipp7960/addprot/sip/relnote/phnrn50s.htm
that since 5.0 the binary image is signed and you won't be able to
downgrade anymore..
i'm wondering which security concerns are driving this "feature"..
IMHO the main security issue should be don't trust tftp as a transfer
protocol to download "user&pwd" and dial-plans in an ASP voip
provider
world, but who know
do you know if someone tried to "reverse engineer" or
"enhance" the
cisco ip phone firmware?
bye
================================================= Image Authentication and
Signed Binary Files
Cisco has added image authentication to its various IP Phone Protocols.
With the addition of image authentication, the binary image can not be
tampered with prior to being loaded into the phone. Any tampering with
the image causes the phone to fail the authentication process and reject
that image. The image authentication is done through signed binary files.
This release does not use regular binary files as did previous releases
but only accepts signed binary files. This step improves IP Phone
security on the Cisco 7960/40 IP Phones. However, the use of signed
binary files does not allow returning to an earlier software release.
Once Cisco SIP IP Phone 7940/7960 Release 5.0 is installed, it cannot be
replaced with any previous release.
===================================================