[VoiceOps] Just got hit with a new attack vector

Robert Dawson RDawson at alliedtelecom.net
Sun Nov 18 08:58:01 EST 2012


This was a Broadworks platform, though any system with similar functionality could be exploited.

Sent from my iPad

On Nov 17, 2012, at 11:35 PM, "Matt Yaklin" <myaklin at g4.net> wrote:

> 
> 
> On Sun, 18 Nov 2012, Robert Dawson wrote:
> 
>> User mailbox was compromised. The attacker called into the extension and
>> left a voicemail while spoofing the number they wanted to call, then called
>> back, logged into the mailbox, retrieved the message, and used the "Callback
>> Caller" option from the playback menu to originate a call back to the
>> spoofed number.
> 
> Pretty clever really.
> 
> What software did the attack compromise?
> An Asterisk release? Custom rolled or a popular ISO release?
> Broadsoft?
> Something else?
> 
> Thanks,
> 
> matt at g4.net
> 
>> I disabled the option in the voice portal to mitigate further attacks.
>> Figured it would be worth sharing.
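
A detection check for the pattern described in this thread, added here as an example and not part of the original posts or of any vendor's code: it flags voice-portal callbacks that dial the caller ID of a voicemail recently left in the same mailbox. The event schema, field names, phone numbers, 15-minute window and home prefix are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events. The field names are a hypothetical schema,
# not a BroadWorks log or CDR format; the numbers are made up.
EVENTS = [
    {"ts": "2012-11-17 02:10:05", "type": "vm_deposit",
     "mailbox": "2001", "caller_id": "+99900001234"},
    {"ts": "2012-11-17 02:12:02", "type": "portal_callback",
     "mailbox": "2001", "dest": "+99900001234"},
    {"ts": "2012-11-17 09:30:00", "type": "vm_deposit",
     "mailbox": "2002", "caller_id": "+15555550123"},
    {"ts": "2012-11-17 13:45:00", "type": "portal_callback",
     "mailbox": "2002", "dest": "+15555550123"},
]

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")

def find_suspect_callbacks(events, window=timedelta(minutes=15), home_prefix="+1"):
    """Return callbacks that dial the caller ID of a recently left voicemail."""
    deposits = {}  # (mailbox, caller_id) -> time of the latest deposit
    findings = []
    for ev in sorted(events, key=lambda e: parse(e["ts"])):
        when = parse(ev["ts"])
        if ev["type"] == "vm_deposit":
            deposits[(ev["mailbox"], ev["caller_id"])] = when
        elif ev["type"] == "portal_callback":
            left = deposits.get((ev["mailbox"], ev["dest"]))
            if left is None:
                continue  # callback target never left a message here
            reasons = []
            gap = when - left
            if gap <= window:
                # The caller ID is unauthenticated, so a deposit followed
                # almost at once by a callback to it is worth a look.
                reasons.append("callback %ds after deposit" % gap.total_seconds())
            if not ev["dest"].startswith(home_prefix):
                reasons.append("destination outside home prefix")
            if reasons:
                findings.append({"mailbox": ev["mailbox"],
                                 "dest": ev["dest"], "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in find_suspect_callbacks(EVENTS):
        print(f["mailbox"], f["dest"], "; ".join(f["reasons"]))
```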


