[VoiceOps] Just got hit with a new attack vector
Matt Yaklin
myaklin at g4.net
Sat Nov 17 23:35:07 EST 2012
On Sun, 18 Nov 2012, Robert Dawson wrote:
> User mailbox was compromised. The attacker called into the extension and
> left a voicemail while spoofing the number they wanted to call, then called
> back, logged into the mailbox, retrieved the message, and used the "Callback
> Caller" option from the playback menu to originate a call back to the
> spoofed number.
>
Pretty clever really.
What software did the attack compromise?
An Aserisk release? Custom rolled or a popular ISO release?
Broadsoft?
Something else?
Thanks,
matt at g4.net
> I disabled the option in the voice portal to mitigate further attacks.
> Figured it would be worth sharing.
>
>
More information about the VoiceOps
mailing list