Don’t Forget about VoIP Exposures and PBX Hacking

Tuesday, April 24, 2012

Brent Huston


I was browsing my usual data alerts recently and ran into this set of data.

It motivated me to write a quick blog post to remind folks that VoIP scans and probes are still going on out there in the wild.

These days, with all of the attention to mass compromises, infected web sites and stolen credit card data, voice systems can sometimes slip out of sight.

VoIP compromises and intrusions remain a threat.

There are now a variety of tools, exploits and frameworks built for attacking VoIP installations, which are a target for both automated tools and manual hacking.

Access to VoIP systems can provide a great platform for intelligence, recon, industrial espionage and traditional toll fraud.  

While VoIP might be the state of the art for phone systems today, there are still plenty of traditional PBX, auto-attendant and dial-up voicemail systems around too.

Now might be a good time to check when those systems were last reviewed, audited or pen-tested.

Traditional toll fraud is still painful to manage and recover from, so it’s probably worth spending a few cycles on reviewing these devices and their security postures.   

Let us know if your organization could use assistance with these items or with hardening voice systems, implementing detection techniques for them or otherwise increasing voice system security.  

Cross-posted from State of Security
