VoIP: SIP-over-TLS and sRTP: ALE

ALE was part of Alcatel-Lucent but was sold before the merger with Nokia. Today, ALE sells its phones under the Nokia brand ‘Alcatel-Lucent Enterprise’. Complicated? Do not confuse this company with another licensee of the Nokia brand ‘Alcatel’: ATLINKS who rebrands SIP phones from VTech. Complicated? Do not confuse those with ‘Alcatel Mobile’, again a licensee: TCL, who create their own GSM mobile phones. Complicated? ALE has their own platforms (OXE and OXO), and normally their phones work only with that. However, ALE bought Sipwise, who need Open-SIP phones. So, ALE created a special model range of their desk phones, the Cloud Edition (CE). Now, that is complicated! Thanks to Sipwise, I was able to get such a phone with an early production firmware. My contacts were extremely cooperative and fixed all of my several findings in weeks. However, the question remains, when this Cloud Edition is released, how does one get the latest firmware update?

Last tested firmware

1.51.02
retested in Dec. 2019 with 1.52.04

Configuration

Password: admin/123456
has to be changed after first use
HTTPS: enabled by default
no HTTP server, you have to go for https://ip
Update: Web → Maintenance → Binary Upgrade
Trust Anchors: Web → Maintenance → Certificate Management
Web → Settings → SIP → Advanced → SIPs Peer Verify: Enable
SIP-URI User: Web → Settings → SIP → Account 1 → Device URI
SIP-URI Host: Web → Settings → SIP → Account 1 → SIP server
Web → Settings → SIP → Account 1 → Server type: Asterisk
SIP-over-TLS: Web → Settings → SIP → Account 1 → Transport mode: TLS
Web → Settings → SIP → Account 1 → SIP server port: 5061
SDES-sRTP: Web → Settings → SIP → Account 1 → Srtp working mode: Best effort
which is RTP/AVP + RTP/SAVP, with sRTP offered second; therefore Digium Asterisk (and DUStel, which uses Asterisk) does not go for sRTP
Web → Settings → SIP → Account 1 → Srtp working mode: Strict
which is RTP/SAVP
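
The difference between the two Srtp working modes can be checked on a captured SDP offer. The following is an added example, not code from the phone or from ALE: the SDP bodies are constructed, the two-m-line layout for "Best effort" is an assumption based on the description above, and `first_line_choice` is a simplified model of an answerer that only takes the first audio line.

```python
# Added example: constructed SDP offers, not captured from the phone.
# Assumption: "Best effort" sends two m=audio lines, RTP/AVP first, RTP/SAVP second.
HEAD = ["v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0"]
PLAIN = ["m=audio 10000 RTP/AVP 8", "a=rtpmap:8 PCMA/8000"]
SECURE = ["m=audio 10002 RTP/SAVP 8", "a=rtpmap:8 PCMA/8000",
          "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:" + "A" * 40]  # dummy key
BEST_EFFORT = "\r\n".join(HEAD + PLAIN + SECURE) + "\r\n"
STRICT = "\r\n".join(HEAD + SECURE) + "\r\n"


def audio_sections(sdp):
    """Return the active m=audio sections of an SDP body, in offer order."""
    sections = []
    for line in sdp.splitlines():
        if line.startswith("m="):
            media, port, proto = line[2:].split()[:3]
            sections.append({"media": media, "port": int(port.split("/")[0]),
                             "proto": proto, "crypto": False})
        elif line.startswith("a=crypto:") and sections:
            sections[-1]["crypto"] = True  # SDES key belongs to the last m= line
    return [s for s in sections if s["media"] == "audio" and s["port"] != 0]


def is_srtp(section):
    """SDES-sRTP needs both the RTP/SAVP profile and an a=crypto attribute."""
    return section["proto"] == "RTP/SAVP" and section["crypto"]


def classify_offer(sdp):
    """Name the working mode an offer corresponds to."""
    audio = audio_sections(sdp)
    secure = [s for s in audio if is_srtp(s)]
    if not audio:
        return "no-audio"
    if len(secure) == len(audio):
        return "strict"
    return "best-effort" if secure else "plaintext"


def first_line_choice(sdp):
    """Profile used by an answerer that accepts only the first audio line."""
    audio = audio_sections(sdp)
    return audio[0]["proto"] if audio else None


if __name__ == "__main__":
    for name, offer in (("Best effort", BEST_EFFORT), ("Strict", STRICT)):
        print(name, classify_offer(offer), first_line_choice(offer))
```

With the constructed offers, "Best effort" ends up on RTP/AVP for a first-line answerer, while "Strict" leaves RTP/SAVP as the only choice.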

Software Bugs

DNS-SRV: requires the Outbound Proxy to be set, and its port set to 0
DNS-NAPTR: missing
Audio: always does Discontinuous Transmission (DTX) even when Voice-Activity Detection (VAD) is disabled
NTP: FQDN may not start with a digit, like 2.pool.ntp.org
Mitigation: use a domain which starts with a letter, like pool.ntp.org

Security

Bugs: requires a private key signed by the same trust anchor as your server; fixed in Oct. 2019 with firmware 1.52
Privacy: device phones home to
  • rps.ce.al-enterprise.com
  • ce.al-enterprise.com
  • dev.eds.sipwise.com
  • eds.sipwise.at
Mitigation: Web → Settings → Network → DM → DM URL: any value
SIP messages contain the MAC address
Mitigation: unknown
Responsible Disclosure: via PSIRT team
Firmware Update: missing Automation
missing Newsletter

Miscellaneous

Model Range

Power Supply

5 V 1 A, Coaxial: 3.4 mm × 1.3 mm
