September 18, 2012
Hacking and IVR: What Businesses Need to Know
By Rich Steeves
TMCnet Web Editor
These days, the news is filled with stories about bad guys hacking in where they don’t belong. They try to steal your e-mail passwords, send malware to you computer and gain access to some of the most secure sites in the world. But one danger that flies under the radar is the fact that determined hackers can use interactive voice response (IVR) systems to hack into banks and financial institutions.
In these scenarios, called “fuzzing attacks,” hackers can use audio processing algorithms in telephone networks to crash speech driven commend software. By using certain frequencies stuffed with unusual data, criminals can use PBX (News - Alert) and IVR systems to create exceptions and bail out scenarios, similar to the way hackers attack servers.
Since many call centers rely on PBX and IVR technology, they are vulnerable to cybercriminals who can find the right junk input and crash the backend systems, often coaxing the servers to give up sensitive information or create a denial-of-service situation.
As a recent paper by Rahul Sasi stated, “If an attacker could trigger an exception in DTMF-processing algorithms, then they could crash the entire application server by making a single phone call, causing the entire phone banking to become inaccessible, or no calls from the customer goes through. One such denial of service could cause a lot of panic and the amount of damage would be pretty huge. We will be demonstrating a lot of amusing remote DTMF attacks on phone banking, tele-voting, and customer support applications using DTMF.”
Sasi’s paper goes on to explain how the same techniques could be used to steal information from banking systems, snatching personal identification numbers from financial institutions. Companies that rely on this technology should look into security for their systems, noting that security measures they think are foolproof may actually have vulnerabilities.
Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO West 2012, taking place Oct. 2-5, in Austin, TX. Stay in touch with everything happening at ITEXPO (News - Alert). Follow us on Twitter.
Edited by Rachel Ramsey