September 26, 2012
Three IVR Security Threats You May Not Have Considered
Interactive voice response (IVR) systems boast tons of benefits, but sometimes, we don’t know or take into enough consideration the misfortune that is security threats. Reigning in such prevalent industries as call centers, hospitals, large information retrieval corporations and credit card hotlines, IVR security cannot be of any higher importance for businesses.
Recently, Bach Seat re-blogged some helpful tips VoIP/UC security blogger Mark Collier pointed out when considering IVR security and the threats which can (and do) be imposed. Apparently, IVR security threats are ever-present in those systems used specifically for financial transactions. Needless to say, if you’re involved in this specific industry, listen up!
- Information Harvesting: Bach Seat says that the odds of guessing a static, four-digit PIN for a range of account numbers is fairly easy when it comes to breaking in and causing fraud. While some IVRs lock the account, they reset at midnight, meaning you need to be extra careful and aware.
- Injection: Even the simplicity of spoken words such as “test” and “com” can leave VXML-supported servers fingerprinted, generally affected or can even lead to experiencing a complete crash.
- Dual-tone multi-frequency signaling (DTMF): Entering a large number of tones or adjusting frequency/tone duration can inadvertently – and more importantly – negatively affect your DTMF processing software in the IVR, which could also lead to a crash. “This could be particularly nasty, as DTMF processing is very common,” Bach Seat adds.
Collier leaves us with one final thought: since most of these IVR security attacks involve simple transmission of DTMF, they are just as simple to execute and automate. “These vulnerabilities could impact any IVR, whether it is TDM, VoIP, [or] the latest UC,” Bach Seat concludes, also adding that a lot of these issues don’t seem too different but rather just new applications of older methods of attack.
So to make sure that you have a guaranteed IVR that can handle high volumes of customers never slows down or slacks on the job, be sure to keep these points fresh in mind.
Image via Plum Voice.
Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO Austin 2012, taking place Oct. 2-5, in Austin, TX. Stay in touch with everything happening at ITEXPO (News - Alert). Follow us on Twitter.
Edited by Rachel Ramsey