User's & Administrator's Manual
1. Introduction
Version 1.18
15
RXV81 MTR on Android Video Collaboration Bar
Screen Lock
AudioCodes Native Teams devices use a screen lock mechanism to prevent any malicious
user/users from gaining access to Calendar information and / or Active Directory list of employees
and / or triggering unauthorized Teams calls from the device. After enabling screen lock, the
device automatically locks after a preconfigured period; a code is required to unlock the device
and resume full operation.
AudioCodes Private Key
The system software on the device is signed with AudioCodes private key – users can replace
the complete software only with new software that is also signed by the AudioCodes private key.
This prevents the user from replacing the complete OTA package of the device with any new
system software unless this software has been fully signed by AudioCodes.
Android Debug Bridge (ADB)
AudioCodes disables the Android Debug Bridge (ADB) application and keeps the Teams app
running in the front all the time, which means there is no way to install other Apps from unknown
sources and sideloading.
App Signing
Android requires that all apps are digitally-signed with a developer key before installation;
currently the device verifies that the apps are signed by Microsoft. App signing prevents malicious
user/users from replacing a Microsoft-signed app with an app that "pretends" to be Microsoft but
which lacks the private key that is known only to Microsoft.
Web Browser
The device does not include a Web browser – users cannot browse to the public internet or
internal intranet– all Web services are customized to connect to O365 services and AudioCodes
managed services such as One Voice Operations Center (OVOC).
Without a web browser, malicious user/users will not be able to access the device and browse
from it as a trusted device into the customer network.
Remote Configuration Management
The Native Teams device does not have an embedded WEB server – configuration and
management is performed using one of the following remote interfaces:
Microsoft Teams Admin Center (for Native Teams devices) over HTTPS protocols – this is
enabled after successful sign-in authentication process.
AudioCodes Device Manager (part of AudioCodes OVOC suite) over HTTPS.
Debugging interface over SSH. Note that SSH MUST be disabled by default and enabled
only per specific case for debugging-purposes only.
AudioCodes Device Manager Validation
The IP phone validates the AudioCodes Device Manager identity using known root CA:
The device is shipped with known Root CAs installed. See
AudioCodes Root CA Certificate
For the initial connection phase, the AudioCodes Device Manager should access the device
using a known CA.
Once a successful secured connection has been established between the device and the
Device Manager, the user can replace the root CA on the Device Manager and on the phone
and re-establish the connection leveraging any private root CA.