Network Computing is part of the Informa Tech Division of Informa PLC
Asterisk: A VoIP Hacker's Best Friend
Possibly the most disturbing news out of the Black Hat security conference last week was how Asterisk, the open source PBX, is being increasingly used by hackers in a wide variety of hard-to-stop VoIP hacks. Everyone, from home users to corporate networks, could become a target.
Talks at the show explained just how easily an Asterisk-based PBX can be used to launch attacks, notably "vishing" attacks, in which hackers use VoIP calls instead of phony Web links to steal personal and financial information.
Asterisk has become the hacker's favored tool because it's free, easy to use, and works with cheap, off-the-shelf hardware. Install Asterisk on an inexpensive PC, do a little tweaking, and you've got a full-blown PBX, something that previously would have been extremely expensive and time-consuming to set up.
A vishing attack is simple to launch using Asterisk. War-dial using an Asterisk-based PBX, and send a recorded message to thousands of people, telling them their credit card number has been stolen, and that they need to call a phone number to solve the problem.
The number, of course, is the Asterisk-based PBX set up by the hacker. An automated message tells them to enter their credit card number and other personal information, for verification purposes. The PBX records the number and information, and the hacker now has a credit card to use.
Other hacks can be launched from Asterisk as well. There's the "man-in-the-middle" attack, in which a PBX-initiated call lures someone into calling a bank, credit card company, or other financial institution. The PBX answers, forwards the caller to the real customer service number, and then listens in and records the entire call. Again, the hacker comes away with personal and financial information he can use.