Author Topic: What are the best option to do a firmware update on Teleworker phones  (Read 1902 times)

Offline HungryHippo

  • Jr. Member
  • **
  • Posts: 66
  • Karma: +0/-0
    • View Profile
Is there another way beside the TFTP to update the firmware on teleworker phones?


Offline lundah

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1216
  • Country: us
  • Karma: +66/-0
  • Senior Chief Grunt
    • View Profile
TFTP is it, the remote phone will download from the MBG it connects to.

Offline HungryHippo

  • Jr. Member
  • **
  • Posts: 66
  • Karma: +0/-0
    • View Profile
wouldn't that protocol be unsecured? Is there a way for something like sftp or https setup on MBG to have the phones updated?

Offline acejavelin

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 4100
  • Country: us
  • Karma: +133/-0
  • High-tech, heavy metal redneck!
    • View Profile
    • Like what I do and wanna help out? Send me a donation!
What is your concern with the firmware using an unsecure protocol? The phone downloads the firmware and verifies the checksum before applying it, there isn't any real security concern here...

Offline HungryHippo

  • Jr. Member
  • **
  • Posts: 66
  • Karma: +0/-0
    • View Profile
doesn't hackers usually use the tftp protocol to gain access to servers for this case which is the MBG server and why tftp is usually not considered safe to allow through the firewall.

Offline lundah

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1216
  • Country: us
  • Karma: +66/-0
  • Senior Chief Grunt
    • View Profile
As far as I know TFTP is the only transfer protocol supported. In order for malicious firmware to be injected, the TFTP server would have to allow PUT (upload) access, which I don't believe the MBG allows, it allows GET (download) transactions only. In addition, you could block UDP 69 at the firewall which would force using the backup port of UDP 20001.

Offline HungryHippo

  • Jr. Member
  • **
  • Posts: 66
  • Karma: +0/-0
    • View Profile
That's good to know, I'll test it out and capture some logs to see if it does goes to that port. Thanks!

Offline acejavelin

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 4100
  • Country: us
  • Karma: +133/-0
  • High-tech, heavy metal redneck!
    • View Profile
    • Like what I do and wanna help out? Send me a donation!
doesn't hackers usually use the tftp protocol to gain access to servers for this case which is the MBG server and why tftp is usually not considered safe to allow through the firewall.
I mean, you aren't entirely wrong... tftp doesn't talk to the MBG, it passes it through to the MiVB, which is only a file repository and there is no access to anything else. Tftp is just a file transfer protocol, and it is in it's most basic form in the Mitel offering them for download only (there is no upload to the Mitel via tftp)... the Mitel doesn't execute or do anything with files in it's file repository for phones, it's just storage.

There is no security issue here...


 

Sitemap 1 2 3 4 5 6 7 8 9 10