Goip firmware contains a link to a porn site

snaggy · January 30, 2021, 5:24pm

I found that the official firmware for goip -1 (http://dbltek.com/update/GHSFVT-1.1-67-5.pkg) contains a link to a porn site
the link is in the file /usr/etc/syscfg.default (SIP_RC4_KEY=“etoall.net”)
in the web interface you can find this link in the section: Advance VoIP - Signaling Encryption - RC4 - RC4 Encryption Key
I do not know how this link is used by hardware and software
maybe this is just a joke from Chinese manufacturers

billsimon · January 30, 2021, 5:54pm

What does this have to do with FreePBX?

snaggy · January 30, 2021, 6:02pm

I do not know of other places where it can be useful to someone
I, like many other users, use freepbx and goip

johnjces · January 30, 2021, 7:18pm

If I were you and if you can, if that site is in fact a porn site embedded in their code, I would steer clear of that provider and their equipment.

I certainly feel that this post was appropriate for this forum as it relates to a voip service that other FreePBX or other users, might be using. Or should every post be prefaced with, I use FreePBX and this might be of interest to others using GOIP, Bill?

billsimon · January 30, 2021, 8:19pm

I don’t care how you preface your posts. I asked what it has to do with FreePBX and I got my answer.

dicko · January 30, 2021, 10:00pm

You could try calling 1-702-224-2888 and ask for Jin Qi, I’m sure he will have an explanation

danb35 · January 31, 2021, 2:54am

The setting would seem to tell you what it’s used for, and not as a “link” at all–it would appear to be exactly what it says, which is an encryption key. Why it would default to that, I have no idea, but it seems pretty clear what function that text is serving in the phone.

But I likewise question why random facts about random phones are appropriate to share here.

dicko · January 31, 2021, 3:05am

Backdoors in Chinese firmware is not new, pretty well ubiquitous now, it might look like a chinese porn site to you, but in fact is in Las Vegas to avoid geoip blocks , these guys are very clever (better than you or I) what the hardware gets, or more impotently, is given, is unlikely what you would get with curl or a web browser.

Five years ago they would be rooted in a Beijing university. They learn quicker than us

i would trust a mikrotik quicker but even they are made in China

snaggy · January 31, 2021, 6:47am

by default this is actually used as the encryption key
but I think it is easy for any programmer to write code that would access this file and this link

system · June 3, 2021, 11:03pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.