[VoiceOps] Just got hit with a new attack vector

Matt Yaklin myaklin at g4.net
Sat Nov 17 23:35:07 EST 2012

On Sun, 18 Nov 2012, Robert Dawson wrote:

> User mailbox was compromised. The attacker called into the extension and
> left a voicemail while spoofing the number they wanted to call,  then called
> back, logged into the mailbox, retrieved the message, and used the "Callback
> Caller" option from the playback menu to originate a call back to the
> spoofed number.

Pretty clever really.

What software did the attack compromise?
An Aserisk release? Custom rolled or a popular ISO release?
Something else?


matt at g4.net

> I disabled the option in the voice portal to mitigate further attacks.
> Figured it would be worth sharing.

More information about the VoiceOps mailing list