Polycom SSIP 7000 hacked...

Occasional Visitor

We got a call from our telecom provider that this past weekend, calls originated from our school district, out internationally. In the course of investigation, we found the two phones responsible. Both are Polycom SoundStation IP 7000 conference phones. Looking at their configurations, it turns out both devices have phone passwords and config auth login/passwords that we did not set. Looking into it, I've read elsewhere that others had issues with Polycom phones and having information get injected into these devices. Looks like they called out somewhere, the entity it communicated with injected the credentials, and then had access.


What can we do to stop this?!

Message 1 of 3
Polycom Employee & Community Manager

Re: Polycom SSIP 7000 hacked...

Hello @ITMattgyver 

Your post ended up in the Spam Filter so I moved this here.

Welcome to the Poly Community.

Both the communities Must Read First and the FAQ reference the basic minimum information a new or follow up post should contain.

This ensures the questions having to be asked are limited and any new or follow up post contains the right amount of details to ensure any voluntary participant within the community does not spend additional time chasing basic information.

As a reminder the basic information asked for:


  • Provide the exact Software Version of your Phone
  • Provide the Phone Model
  • Provide the Call Platform (aka openSIP, Teams, Skype for Business Online, Skype for Business on Premise, Lync, Zoom or BlueJeans)
  • Provide details if UC / SIP or ObiEdition
  • Additional Poly Infrastructure (RPRM,PDMS or BToE)
  • If applicable provide a backup of the phone in question

UC Software 4.0.0 or later via the Web Interface Utilities > Phone Backup & Restore > Phone Backup > Phone Backup. Please rename into .TXT or Zip the file to attach.
Since UC Software 5.9.0 simply provide this via the Web Interface Diagnostics > Download Support Information Package

  • If possible provide a Log and either attach them or use the Code Tag. Consult the Troubleshooting Section found within the FAQ if applicable
  • If possible provide the MAC Address or Serial of the device
  • Provide details for example if the issue is a day 1 issue or only happened after an upgrade or any other relevant details
  • For questions around Support please check here


Whilst providing some of these details may not directly impact any possible answer the community can provide, it does enable Poly to have an overview of the current software used. In addition, providing all details at the same time allows us to check logs or look up potential support partners if an issue needs to come into support. It also enables us to verify the entitlement for using features.


I would suggest you ensure you have:


  • Disabled access to the SSIP7000
  • Use a Secure Password
  • Additionally, simply disable the Web Access reversing the recommendations from => here <=

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier


If official support is required please check how to phone or open a case here

The title Poly Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. All posts and words are my own & do not represent the views of Employer.


Message 2 of 3
Occasional Visitor

Re: Polycom SSIP 7000 hacked...

Thank you. I tried reading that first post, and I kept getting error pages. I'm pretty sure it's my end for some reason. My avatar isn't even showing right (at least not on my end). I'll read through the post and update my post with the info I can get.


Couldn't edit my OP... Editing this post as a result:


  • Model: SoundStation IP 7000
  • call platform: Switchvox IP system
  • bootrom:
  • s/n: 0004f2f9658f

Right now, we aren't even hooking the conference phones back into the network unless they need to be used, at least until we can determine what happened.

Message 3 of 3