[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Linphone-developers] very strange behaviuor of android app

From: Russell Treleaven
Subject: Re: [Linphone-developers] very strange behaviuor of android app
Date: Wed, 30 Mar 2016 12:08:04 -0400

Your scenario does not mean that the Linphone apps on the playmarket is hacked.
These calls are coming from some hacker using a tool called sipvicious.
Have you created an inbound firewall rule on your home firewall for your softphone?


On Wed, Mar 30, 2016 at 11:57 AM, Alex <address@hidden> wrote:

Yesterday,  I've  installed  Linphone  on an Android phone from Google Play. The
phone  has  a  stock firmware and not rooted. I created a sip account to connect
Linphone  to my office Asterisk (it's not faced to the Internet) and played with
it for couple hours in the office. Then went home.

This  night  at  approx.  4am I started receiving calls from unknown nunmbers. I
dropped  them  but  the  calls came constantly. Finally I've sent logs to myself
(from About menu) and turned off Linphone.

Here is a snippet from the log:
2016-03-30 05:53:07:012 MESSAGE belle_sip_get_src_addr_for(): af_inet6=0
2016-03-30 05:53:07:013 MESSAGE Channel has local address
2016-03-30 05:53:07:013 MESSAGE channel 0xabedf128: state READY
2016-03-30 05:53:07:013 MESSAGE udp_listening_point: new channel created to
2016-03-30 05:53:07:015 MESSAGE bellesip_wake_lock_acquire(): Android wake lock acquired [ref=0x649008be]
2016-03-30 05:53:07:015 MESSAGE channel [0xabedf128]: starting recv background task with id=[649008be].
2016-03-30 05:53:07:016 MESSAGE channel [0xabedf128]: received [752] new bytes from [UDP://]:
INVITE sip:address@hidden SIP/2.0
To: 0972597740483<sip:address@hidden>
From: 2022<sip:address@hidden>;tag=c0456eb0
Via: SIP/2.0/UDP;branch=z9hG4bK-0af3431b5b5e528f4bc7e81e5c8fd611;rport
Call-ID: 0af3431b5b5e528f4bc7e81e5c8fd611
Contact: <sip:address@hidden:5070>
Max-Forwards: 70
User-Agent: sipcli/v1.8
Content-Type: application/sdp
Content-Length: 282

o=sipcli-Session 424980921 1826714528 IN IP4
c=IN IP4
t=0 0
m=audio 5073 RTP/AVP 18 0 8 101
a=fmtp:101 0-15
a=rtpmap:18 G729/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000

2016-03-30 05:53:07:024 MESSAGE channel [0xabedf128] [470] bytes parsed
2016-03-30 05:53:07:024 MESSAGE channel [0xabedf128] read [282] bytes of body from []
2016-03-30 05:53:07:026 MESSAGE Changing [server] [INVITE] transaction [0xab99f600], from state [INIT] to [PROCEEDING]
2016-03-30 05:53:07:027 MESSAGE channel [0xabedf128]: message sent to [UDP://], size: [280] bytes
SIP/2.0 100 Trying
Via: SIP/2.0/UDP;branch=z9hG4bK-0af3431b5b5e528f4bc7e81e5c8fd611;rport
From: "2022" <sip:address@hidden>;tag=c0456eb0
To: "0972597740483" <sip:address@hidden>
Call-ID: 0af3431b5b5e528f4bc7e81e5c8fd611

2016-03-30 05:53:07:027 MESSAGE New server dialog [0xab743078] , local tag [], remote tag [c0456eb0]
2016-03-30 05:53:07:027 MESSAGE op [0xabd13df8] : set_or_update_dialog() current=[0x0] new=[0xab743078]
2016-03-30 05:53:07:027 MESSAGE new incoming call from ["2022" <sip:address@hidden>] to ["0972597740483" <sip:address@hidden>]
... - is my ip address in my home wifi network
178.162.x.y   - is a public ip of my home wifi router

The full log is available at

In  the log you may find REGISTER requests to - it's my office
Asterisk which is inaccessible from home.

Can someone shed some light what was it and how could that happen?

I see the only cause of this: Linphone app on the playmarket is hacked. Is it?

Best regards,

Linphone-developers mailing list

reply via email to

[Prev in Thread] Current Thread [Next in Thread]