Fritz!Box and Unauthorized Phone Calls

Reports from Germany say that Fritz!Box, the popular DSL/Wireless LAN router, contains a vulnerability that allows a hacker to make expensive and unauthorized phone calls from the device. AVM, the developer of the Fritz!Box, has issued a security warning to all of its users about the danger.

The vulnerability affects any users who’ve enabled port 443 (the normal port for SSL communication) on their Fritz!Box router. Users typically do this so that they can access their devices from anywhere using the MyFritz! service, or to get access to their files with the Fritz!NAS service.

Some of the Fritz!Boxes can make telephone calls over a VoIP connection. Hackers have been infiltrating these devices and modifying the configuration so that the most expensive VoIP services were used. The newspaper “Der Westen” even reported a case where phone calls valued at over 4200€ were initiated from a compromised Fritz!Box.

It’s important to remember that even though we believe we know what hackers want to go after when they compromise a system (usually it’s the DNS), that’s not always the case. Sometimes the most unlikely feature is the one that’s really being attacked.