Monday, November 22, 2010

Where Phone System Hackers Hide

Some phone systems are utilizing a feature, called the dial-by-name directory, which hackers can take advantage of by obtaining valuable information in it. This telephony feature usually works in conjunction with a voicemail system by providing callers a categorized menu when connecting to the proper contact or department.

Callers can easily access this directory feature by pressing “0” on their telephone keypad. Most companies’ assign this number by default and it is usually configured to be accessed after dialing the main phone number or after the voice mail box has activated. Phone hackers carry out their attack after office hours to be sure no one answers the call they will make.
 
Hackers are not hackers if they are not capable of protecting their identities. To conceal their location or identity a phone system hacker usually hides behind the following:
  • Business Phones – with the use of the phone system’s manual or user guide an attacker can easily spoof the system by entering the default administrator password which is usually not changed. Once in, the hacker can easily use the system as a platform for attacking other system.
  • Residential Phones – a caller ID can easily reveal who the calling party is. Phone attackers can trick the phone system by entering the code *67 before dialing the number they will call. It is a code for hiding the phone number they used for calling. Unfortunately, this technique does not work when calling toll free phone numbers or N-1-1 codes like 911.
  • VoIP (Voice Over Internet Protocol) Servers – open-source PBX software, like Asterisk, can be utilized and configured to hide any attackers’ identity by using any number they want.

No comments:

Post a Comment