VoIP: SIP-over-TLS and sRTP: Escene

Escene allows open SIP out of the box, so you can use it with VoIP/SIP servers like Digium Asterisk or public VoIP/SIP providers. Escene is also known as Univois. In the past, Escene was also chosen by ALE, Auerswald, and Khomp. I am not sure why a phone with so many obvious defects finds even OEM partners. Auerswald told me they contacted Escene about my findings. Escene told me they were not contacted. Go figure!

Last tested firmware

0.0.38.01143194
retested in Oct. 2019 with 0.0.38.05283401

Configuration

Password: admin/22222 (default)
change under Web → Security → Password
HTTPS: not available, confirmed by the support team
Update: Web → Maintenance → HTTP Upgrade → Select a File
Trust Anchors: Web → Security → Trusted Certificates
SIP-URI User: Web → SIP Account → Basic → Username
SIP-URI Host: Web → SIP Account → Basic → SIP Server
SIP-over-TLS: Web → SIP Account → Basic → SIP Transport: TLS
Web → SIP Account → Advanced → DNS-SRV: On
SDES-sRTP: Web → SIP Account → Advanced → Voice encryption: Optional (only for incoming calls); this is RTP/SAVP

Software Bugs

SHA-2 Digest: when the registrar offers a SHA-256 Digest challenge (alongside MD5), the phone does not pick the MD5 challenge but sends the request without an Authorization header, so it is not able to register; therefore incompatible with Linphone
AES-256 sRTP: accepted although not supported; the resulting a=crypto attribute has no tag (index)
DNS-NAPTR: missing
Session Timers: broken; sends SIP UPDATE even when UPDATE is not supported
Audio DiffServ: RTP is sent with DSCP 0 although Web → Network → Advanced → QoS shows 46
Source Port: not random by default, always 5070;
the SIP header Contact carries no port at all rather than the actual one (so the default port would be assumed)
Mitigation: unknown; the service has to ignore the Contact and re-use the existing TCP-based connection instead
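The Digest behaviour a client should show for the SHA-2 finding above, as an added example (not the phone's code and not from this page): the registrar sends one challenge per algorithm, strongest first (RFC 8760), and a client that only implements MD5 is expected to answer the MD5 challenge rather than send no Authorization header at all. The realm, nonce, user and password are constructed; the registrar-side check recomputes the response so the exchange can be verified offline.

```python
import hashlib
import hmac
import re
import secrets

# Parse the parameters of a Digest challenge or credential into a dict.
# Handles both quoted (realm="x") and unquoted (algorithm=MD5) values.
PARAM_RE = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]+))')

# Hash functions by their RFC 7616 / RFC 8760 algorithm names.
HASHES = {"MD5": hashlib.md5, "SHA-256": hashlib.sha256}


def parse_digest(value):
    """Parse 'Digest k1="v1", k2=v2, ...' (challenge or credentials)."""
    params = {}
    for m in PARAM_RE.finditer(value):
        params[m.group(1).lower()] = m.group(2) if m.group(2) is not None else m.group(3)
    params.setdefault("algorithm", "MD5")   # RFC 7616: absent algorithm means MD5
    return params


def select_challenge(challenges, supported):
    """RFC 8760: the registrar may send one challenge per algorithm, strongest first.
    A client that lacks SHA-256 must pick the MD5 challenge, not give up."""
    for ch in challenges:
        if ch["algorithm"].upper() in supported:
            return ch
    return None


def digest_response(ch, username, password, method, uri, cnonce="", nc=""):
    """RFC 7616 response computation with the challenge's algorithm and qop."""
    h = lambda s: HASHES[ch["algorithm"].upper()](s.encode()).hexdigest()
    ha1 = h(f"{username}:{ch['realm']}:{password}")
    ha2 = h(f"{method}:{uri}")
    if ch.get("qop") == "auth":
        return h(f"{ha1}:{ch['nonce']}:{nc}:{cnonce}:auth:{ha2}")
    return h(f"{ha1}:{ch['nonce']}:{ha2}")


def build_authorization(challenges, supported, username, password, method, uri):
    """Client side: answer the first supported challenge. Returns None when none is
    answerable; the behaviour described on the page is to send the request with
    no Authorization header in that case."""
    ch = select_challenge(challenges, supported)
    if ch is None:
        return None
    cnonce, nc = secrets.token_hex(8), "00000001"
    resp = digest_response(ch, username, password, method, uri, cnonce, nc)
    parts = [f'username="{username}"', f'realm="{ch["realm"]}"', f'nonce="{ch["nonce"]}"',
             f'uri="{uri}"', f'response="{resp}"', f'algorithm={ch["algorithm"]}']
    if ch.get("qop") == "auth":
        parts += ["qop=auth", f"nc={nc}", f'cnonce="{cnonce}"']
    return "Digest " + ", ".join(parts)


def verify_authorization(auth_value, challenges, passwords, method):
    """Registrar side: recompute the response for the challenge the client answered."""
    a = parse_digest(auth_value)
    issued = next((c for c in challenges
                   if c["nonce"] == a.get("nonce")
                   and c["algorithm"].upper() == a["algorithm"].upper()), None)
    if issued is None or a.get("username") not in passwords:
        return False
    expected = digest_response(issued, a["username"], passwords[a["username"]], method,
                               a.get("uri", ""), a.get("cnonce", ""), a.get("nc", ""))
    return hmac.compare_digest(expected, a.get("response", ""))


# Constructed 401 challenges (hypothetical realm and nonce), SHA-256 first as RFC 8760 recommends.
CHALLENGES = [
    parse_digest('Digest realm="sip.example.org", nonce="7f3a9c1e", qop="auth", algorithm=SHA-256'),
    parse_digest('Digest realm="sip.example.org", nonce="7f3a9c1e", qop="auth", algorithm=MD5'),
]
PASSWORDS = {"1001": "s3cret"}   # constructed credential store


def register_like_md5_only_client():
    """What an MD5-only phone should send in reply to the challenges above."""
    return build_authorization(CHALLENGES, {"MD5"}, "1001", "s3cret",
                               "REGISTER", "sip:sip.example.org")


if __name__ == "__main__":
    auth = register_like_md5_only_client()
    print(auth)
    print("registrar accepts:", verify_authorization(auth, CHALLENGES, PASSWORDS, "REGISTER"))
```

Passing `{"MD5", "SHA-256"}` as the supported set makes the same client answer the SHA-256 challenge, which is what a registrar that lists SHA-256 first is asking for; passing only the SHA-256 challenge to an MD5-only client yields `None`, the situation in which the phone registers nothing.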

Security

Bugs: SDES-sRTP key with reduced entropy (the key material observed consisted only of the hex characters 0-9a-f, i.e. at most 4 bits of entropy per byte),
DNS-SRV redirection disables Hostname Validation,
padlock icon even without SIP-over-TLS,
missing TLS_ECDHE_[RSA|ECDSA]_WITH_AES_128_GCM_SHA256,
Cipher Suites include RC4, Single-DES, EXPORT (OpenSSL 1.0.1l or older),
ECDHE curves with less than 224 bit (OpenSSL 1.0.1; ssl/t1_lib.c:pref_list), and
requires the root of the certificate chain as trust anchor; an intermediate CA alone is not accepted (OpenSSL 1.0.1m or older)
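A checker for the two SDES findings on this page (the reduced-entropy key above and the AES-256 a=crypto line without a tag under Software Bugs), added here as an example and not taken from the page or from the phone: it parses an SDP a=crypto line, verifies the key||salt length for the crypto-suite, flags a missing tag, and bounds the entropy of the key material by the symbol alphabet it uses. The assumption that the observed keys were decoded bytes drawn only from 0-9a-f is mine; the three sample lines are constructed, not captured.

```python
import base64
import math
import re

# Master key + master salt length in bytes per SDES crypto-suite (RFC 4568, RFC 6188).
SUITE_KEY_BYTES = {
    "AES_CM_128_HMAC_SHA1_80": 16 + 14,
    "AES_CM_128_HMAC_SHA1_32": 16 + 14,
    "AES_CM_256_HMAC_SHA1_80": 32 + 14,
    "AES_CM_256_HMAC_SHA1_32": 32 + 14,
}
HEX_ALPHABET = frozenset(b"0123456789abcdef")

# a=crypto:<tag> <crypto-suite> inline:<base64 key||salt>[|lifetime][|MKI:len]
# The tag group is optional so that a malformed line without a tag still parses and is flagged.
CRYPTO_RE = re.compile(r"^a=crypto:(\d*)\s*(\S+)\s+inline:([A-Za-z0-9+/=]+)")


def check_crypto_line(line):
    """Report for one SDP a=crypto line: problems found and the entropy the key
    material can have at most, given the byte values it actually uses."""
    m = CRYPTO_RE.match(line.strip())
    if not m:
        return {"ok": False, "problems": ["not an SDES a=crypto line"], "effective_bits": 0}
    tag, suite, b64 = m.groups()
    problems = []
    if not tag:
        problems.append("missing tag (index)")
    expected = SUITE_KEY_BYTES.get(suite)
    if expected is None:
        problems.append(f"unknown crypto-suite {suite}")
    raw = base64.b64decode(b64 + "=" * (-len(b64) % 4))   # tolerate omitted padding
    if expected is not None and len(raw) != expected:
        problems.append(f"key||salt is {len(raw)} bytes, expected {expected}")
    # A properly generated key uses all 256 byte values; one drawn from the 16
    # ASCII hex digits carries at most log2(16) = 4 bits per byte.
    if raw and set(raw) <= HEX_ALPHABET:
        problems.append("key material consists only of ASCII hex digits 0-9a-f")
        bits_per_byte = math.log2(len(HEX_ALPHABET))
    else:
        bits_per_byte = 8.0
    return {
        "ok": not problems,
        "suite": suite,
        "tag": tag,
        "nominal_bits": len(raw) * 8,
        "effective_bits": int(len(raw) * bits_per_byte),
        "problems": problems,
    }


def b64(data):
    return base64.b64encode(data).decode()


# Constructed sample lines (not captured from a phone):
# 1. key||salt made of 30 hex characters, the pattern described on the page
SAMPLE_HEX_KEY = "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:" + b64(b"0123456789abcdef0123456789abcd")
# 2. AES-256 suite answered with a line that carries no tag
SAMPLE_NO_TAG = "a=crypto: AES_CM_256_HMAC_SHA1_80 inline:" + b64(bytes(range(0x80, 0x80 + 46)))
# 3. well-formed line whose key bytes come from the full byte range, with a lifetime
SAMPLE_GOOD = "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:" + b64(bytes(range(0x80, 0x80 + 30))) + "|2^20"


if __name__ == "__main__":
    for line in (SAMPLE_HEX_KEY, SAMPLE_NO_TAG, SAMPLE_GOOD):
        print(check_crypto_line(line))
```

The entropy figure is an upper bound from the alphabet alone (a 16-symbol alphabet cannot give more than 4 bits per byte); the real generator may be weaker still, so the check is useful as a screen over captured SDP, not as proof that a key is strong.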
Privacy: device phones home to tftp://voip.autoprovision.com
Mitigation: Web → Maintenance → Auto Provisioning → Auto Provision: On → Software Server URL: empty
(the option ‘Off’ does not work)
device phones home to EP+
Responsible Disclosure: no way found
Firmware Update: missing Automation
missing Newsletter

Miscellaneous

Model Range

Power Supply

12 V ?.? A, Coaxial: 5.5 mm × 2.1 mm
