Phonetic attack commands crash bank phone lines


Touch tone and voice activated systems open to attack.

A security researcher has demonstrated a series of attacks capable of disabling touch tone and voice activated phone systems or forcing them to disclose sensitive information.

In one test, a phone system run by an unnamed Indian bank dumped customer PINs.

Attacks including blind SQL injection and buffer overflows could be served to almost any interactive voice response (IVR) phone system, according to Rahul Sasi, a security researcher with iSight Partners.

He said the attacks could take down critical phone systems, cutting off banking services or the ability of call centres to field customer inquiries.

“If someone can crash a banking app from anywhere in the world, that’s critical,” Sasi said.

“No banks or organisations are testing IVRs because they think the systems are secure, but in reality they are not. No firewall or CAPTCHAs monitor voice traffic.” 

The attacks were limited to the characters available within dual-tone multi-frequency signalling (DTMF) systems, which could include numbers and letters, but not most special characters such as backslashes.

In demonstrations at the recent Hack in the Box conference, to be replayed at the upcoming Ruxcon security event, Sasi ran fuzz testing against IVR systems serving data via a keypad and by spoken commands.

The attacks targeted the DTMF algorithms, which converted user commands into actions, such as pulling customer bank records from databases.

Vulnerabilities in those databases could be exploited by speaking attack commands down the phone. In one instance, Sasi triggered a buffer overflow against a demonstration system.

The targeted IVR systems responded by reading out error messages which provided attackers with valuable intelligence and data.
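The three weaknesses described above (keypad input passed straight into database queries, no validation of the DTMF character set, and error text read back to the caller) map onto a small set of controls. The following handler is an added illustration, not code from the article or from any bank's IVR; the table layout, account number and PIN are constructed sample data, and the eight-digit account and four-digit PIN formats are assumptions.

```python
import re
import sqlite3

# A DTMF keypad carries only 0-9, * and # (plus A-D on some handsets).
# Account numbers and PINs are digit-only, so the handler accepts exactly
# that shape and nothing else before the database is ever touched.
ACCOUNT_RE = re.compile(r"^\d{8}$")   # assumed format: 8 digits
PIN_RE = re.compile(r"^\d{4}$")       # assumed format: 4 digits


def build_sample_db():
    """Constructed in-memory stand-in for the bank's customer database.
    The PIN is stored in the clear only to keep the sample short; a real
    system stores a salted hash."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (number TEXT PRIMARY KEY, pin TEXT, balance_cents INTEGER)")
    db.execute("INSERT INTO accounts VALUES ('12345678', '4321', 250000)")
    return db


def validate_dtmf(digits, pattern):
    """Return the keypad entry unchanged if it matches the expected shape,
    otherwise None. Anything outside 0-9, or of the wrong length, is dropped
    here rather than reaching the query."""
    return digits if pattern.fullmatch(digits) else None


def ivr_balance(db, account_digits, pin_digits):
    """Handle a 'check balance' request and return the prompt the IVR
    would speak back to the caller."""
    account = validate_dtmf(account_digits, ACCOUNT_RE)
    pin = validate_dtmf(pin_digits, PIN_RE)
    if account is None or pin is None:
        return "Invalid entry. Please try again."
    try:
        # Parameterised query: keypresses are bound as data and cannot
        # alter the statement text, whatever DTMF sequence arrives.
        row = db.execute(
            "SELECT balance_cents FROM accounts WHERE number = ? AND pin = ?",
            (account, pin),
        ).fetchone()
    except sqlite3.Error:
        # Log the details server-side; never read an error message to the caller.
        return "We are unable to process your request at this time."
    if row is None:
        return "Account or PIN not recognised."
    dollars, cents = divmod(row[0], 100)
    return f"Your balance is {dollars} dollars and {cents:02d} cents."
```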

Sasi was developing a fuzzing program which would combine different DTMF algorithms with different frequencies. That could allow attackers to remotely crash a host of systems like phone banking applications that depend on DTMF.

Copyright © SC Magazine, Australia
