There is currently a lot of malicious activity being targeted at asterisk phone systems. In the default settings, it's easy to find an unregistered extension and take over that extension. In the case of LinuxMCE, the extension and the 'secret' registration password are the same.
It's fairly easy to throw random registration attempts at the box and wait for a good response.
blocking external SIP traffic with a firewall with not work because you would also be blocking legit registrations to SIP providers you have accounts with.
How can the 'secret' phone registration password be changed on devices like orbiter embedded phones so that when they're off, no one else can assume the role just by matching extension and password?
It's fairly easy to change the 'secret' on SIP devices but I cannot find the password location in the orbiter embedded devices. Of course, one can change the EXTENSION password on the asterisk side by accessing the phone config but this will break service to the orbiter as it will no longer be able to register without the correct password.