VoIP: SIP-over-TLS and sRTP: Avantec

A VoIP/SIP-based phone is nothing else than a computer. Although a desk phone has only one application, calling, a whole computer is required. Which operating system should one choose? Who cares about that operating system? Who cares about the device drivers and their integration into that operating system? In the Netherlands, a company called Dialog Semiconductor (formerly SiTel Semiconductor) made a VoIP/SIP chipset including a software stack called Rhea, which is based on μClinux. That sounds like a great idea in marketing papers. Does anyone care about that μClinux and apply the latest security findings? And who? Does anyone care about Rhea and apply the latest security findings? And who? When one link in that chain stops doing its work, the whole platform dies. For another former Rhea user, vTech, buying a whole different manufacturer was easier than repairing their platform. Go figure!

Last tested firmware

30 Jun, 2015

Configuration

Password: Admin: avantec/admin
User: user/1111
Phone: admin (center soft-key switches charset)
Web → Admin → Set Password
HTTPS: not available
Update: Web → Admin → Upgrade
Trust Anchors: not tested
SIP-URI User: Web → Configuration → SIP Accounts → Register Name
Web → Configuration → SIP Accounts → User Id
SIP-URI Host: Web → Configuration → SIP Accounts → Registrar IP: FQDN works
SIP-over-TLS: Web → Configuration → SIP Settings: TLS
does nothing in my tests; TCP did only a DNS A lookup and made no connection; use UDP instead
SDES-sRTP: Web → Configuration → Audio Settings → SRTP Mode: Optional (only for incoming), which is RTP/SAVP

Bad Defaults

These features are disabled by default, although they are negotiated automatically. Tests revealed that they work. Therefore, there is no reason to disable them by default.

Session Timers: Web → Configuration → SIP / NAT Settings
UPDATE: Web → Configuration → SIP / NAT Settings
PRACK: Web → Configuration → SIP / NAT Settings

Software Bugs

IPv6: broken
The phone does only DHCPv4, as with IPv4. It does a DNS AAAA lookup instead of a DNS A lookup; however, that lookup is done not on the VoIP server address but on its own IPv4 address. Go figure!
DNS-SRV: missing for TCP and TLS; therefore DNS-NAPTR useless
Audio: G.726-32 has the wrong endianness
Mitigation: set ‘g726nonstandard=yes’ in your Digium Asterisk
DiffServ: not enabled by default
Mitigation for RTP: Web → Audio → ToS: 184

Security

Bugs: SIP-over-TLS does nothing in my tests.
TCP did at least a DNS A lookup but no connection either. I had to use UDP. If you use UDP, the SDES-sRTP key is transferred in plain text, providing no added security.
Responsible Disclosure: not required
Firmware Update: missing automation; missing newsletter

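The point above, that SDES carries the sRTP master key inside the SDP body and only SIP-over-TLS hides it, as an added example that is not from this page or the phone vendor: a small Python check over a constructed INVITE (addresses, branch and key value are made up) that reads the transport from the top Via header and flags a=crypto lines sent over anything but TLS.

```python
import re

# Constructed sample (not from the page): a SIP INVITE as a phone with
# "SRTP Mode: Optional" would send it over UDP. The a=crypto line carries the
# SDES master key in base64; the key value below is made up.
SAMPLE_INVITE = (
    "INVITE sip:1002@pbx.example.test SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 1 1 IN IP4 192.0.2.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 4000 RTP/SAVP 0 8 101\r\n"
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz\r\n"
    "a=rtpmap:0 PCMU/8000\r\n"
)

def parse_sip(message):
    """Split a SIP message into (start line, headers dict, body)."""
    head, _, body = message.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body

def assess_sdes_exposure(message):
    """Report whether the SDES key in the SDP is readable on the wire."""
    _, headers, body = parse_sip(message)
    via = headers.get("via", [""])[0]           # top-most Via = sending hop
    m = re.match(r"SIP/2\.0/(\w+)", via)
    transport = m.group(1).upper() if m else "UNKNOWN"
    profiles = re.findall(r"^m=audio \d+ (\S+)", body, re.M)
    crypto = re.findall(r"^a=crypto:\d+ (\S+) inline:([A-Za-z0-9+/=|]+)", body, re.M)
    # SDES protects only the media stream; the master key in a=crypto is
    # visible to anyone on the signalling path unless SIP itself runs over TLS.
    exposed = bool(crypto) and transport != "TLS"
    return {"transport": transport, "profiles": profiles,
            "sdes_keys": len(crypto), "key_exposed": exposed}

if __name__ == "__main__":
    print(assess_sdes_exposure(SAMPLE_INVITE))
```

Run it against a capture of your own phone's INVITE: an RTP/SAVP offer with key_exposed True is exactly the UDP situation described above.
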
Miscellaneous

Model Range

Power Supply

9 V 0.5 A, Coaxial: 5.5 mm × 2.1 mm
