Protecting Snom devices against customer interference

Introduction

With “hardware as a service” as a business model, Internet Telephony Service Provider (ITSP) rent out hardware to their customers instead of selling it. It therefore can become necessary to limit the usage of the hardware to the own voice service, especially when no long term contract periods are in place. This practice has become widely known from the mobile phone industry as “SIM lock” or “netlock”.

With Snom phones you can achieve a similar protection by securing the boot loader, and with that prevent any factory reset of the phone. In this paper we explain how the boot loader lock works, which parameters need to be configured and how this can be integrated into a zero-touch deployment setup.

Phone redirection and auto provisioning

For Internet Telephony Service Provider (ITSP), the usage of Snom’s RDS to redirect phones facilitates a zero-touch installation experience for the customer, and provides a remote maintenance control of the phone to the ITSP.

If a factory reset is performed in a local area network without a connection to the internet, the user can then change the either

The value of the setting_server parameter
Change the provisioning_order parameter in that way that redirection is the last option checked by the phone (e.g. dhcp:stop pnp:stop tr69:stop redirection:stop). The phone can then be redirected to a different provisioning server by using for example DHCP options, and it will never again pass by Snom’s RDS.

With this, the service provider would have lost the control over this phone.

Step-by-step guide to prevent a factory reset on a Snom phones

To prevent the user from performing a factory reset of the phone, the ITSP can lock the boot loader with a number code (PIN). With this, the rescue mode of a Snom phone is password protected and a factory reset is no longer possible without knowing this number code.

In the following, we will describe first the manual procedure of setting up the boot loader lock and how it works. After that, the paper will explain how this protection can also be auto-provisioned.

Setting and clearing the uboot lock via auto-provisioning

If you are a service provider and the phones are shipped directly to your customer from distribution, you probably have an auto-provisioning server to configure the phones automatically once they connect to the internet. As any other parameter, you can also auto-provision the PIN for the uboot lock.

Set a uboot lock

To set the PIN, add

<uboot_lock>set:[12-digit PIN]</uboot_lock>

to the configuration file.

To check if the boot loader lock has been successful, you can check the phone log. It should show something similar to:
Jul 7 08:37:07.827 [NOTICE] PHN: set_uboot_lock: setting uboot lock successfully!
Now, if the user tries to initiate a factory reset or a recovery update, he will be asked to provide the password first:
If the PIN is correct, the phone will proceed to the next step and offer the two standard rescue modes:
If the PIN is incorrect, it will say Wrong Password! Press any key on the screen and the user will be asked again for the password. After a total of 3 unsuccessful attempts, the phone will reboot.

Remove the uboot lock

To remove the PIN, add

<uboot_lock>clear:[12-digit PIN]</uboot_lock>

to the configuration file.
Setting the uboot lock via the web user interface of the phone
Open a browser and access the phone’s hidden webpage via http://phoneIp/ublck91236.htm. To access this page, the phone needs to be in administrator mode.

Screen Shot 2017-07-07 at 10.23.42.png

In the input field, type set: followed by a 12-digit PIN. Only numbers are allowed and only 12 digits exactly, and press apply.
E.g. to protect the boot loader with the PIN “123456789012” you need to type
set:123456789012
To remove the uboot lock, you would need to type
clear:123456789012

Confidentiality and security advice

It is important to note, that locking the boot loader is completely under your own risk. There is no way for Snom to recover a phone protected with an uboot lock. Therefore, please make sure that the PIN is stored safely, and cannot be accessed by any unauthorised persons.

Snom assumes no liability for any malfunctions, damage or misusage caused by this feature.

Further Information

Related articles

Page:

TR-369 - Full Endpoint Management
Page:

How to trigger the phone to reset or synchronize its settings via provisioning - mass deployment
Page:

Snom Hospitality SIP Phone Administration Tool
Page:

SRAPS
Page:

Security How-to

Page tree