In Part I, we learned how phone hackers target voice mail systems to steal and resell long distance minutes to countries with costly per-minute charges. But there are other targets for the hacker in today’s business communication infrastructure.

Right on Target

Hackers also target traditional phone systems, IPPBXs and cloud telephony services. The goal is still to gain access to those free minutes. But the method here is to set up call forwarding in the phone system so any incoming call is redirected to an International Long Distance access number. Because the attack vectors vary so widely, I will discuss them by platform type.

The Traditional Phone System:

Because the legacy phone system has limited (if any) network connectivity or functionality, there is little the hacker can do to gain access to the programming interface. Modem access can still be a target and one of the best ways to protect yourself is to set up call-back on any modems connected to outside phone lines. Typically, however, phone systems require manual intervention to connect to a programming modem port. That is, someone has to call in and request to be transferred to the modem. Human engineering comes into play here again. You should have a spoken password established with your vendor that they must provide to be allowed modem access. Train staff so they refuse to transfer callers to the modem extension unless the password is given. On all phone systems, practice good physical security. Keep the phone system behind locked doors and control access.

Get some class

You may be able to limit access to international dialing on a per-extension basis using class-of-service. Take a hard look at who needs to make international calls and restrict it wherever possible. Most telephone systems have the ability to assign class-of-service on a per-group or per-user basis. Tell your vendor what you want to accomplish and they should be able to implement it.

The IPPBX: SIP Vulnerability

The IPPBX has a whole different set of vulnerabilities. First of all, the IPPBX is, by definition, connected to the network. This opens up all the vulnerabilities of any other network server. Your first line of defense is your firewall. Block any uninvited traffic to the IPPBX except from known sources. It can even be useful to implement egress filtering so you deny non-conforming packets sent from the IPPBX to the outside world.

Take a SIP

SIP is the most common call control protocol of VoIP. If a hacker can send SIP messages to your IPPBX, he can initiate calls at will. Block uninvited SIP traffic at the firewall. Most IPPBXs also allow the administrator to set up zones of trust by IP range. Make sure you have limited those zones to known remote office locations and service providers (e.g., SIP Trunking Providers). This multi-layered defense is much more effective.
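A way to check that the trust zones are as narrow as intended, as an added example that is not from the original article: it compares the sources of SIP requests against the configured zones and counts the uninvited ones. The zone ranges (RFC 5737 documentation addresses) and the two-column log format are assumptions constructed for the illustration.

```python
import ipaddress
from collections import Counter

# Hypothetical trust zones: one remote office and one SIP trunking provider.
# RFC 5737 documentation ranges stand in for real addresses.
TRUSTED_ZONES = [ipaddress.ip_network(n)
                 for n in ("192.0.2.0/28", "198.51.100.16/29")]

# Constructed sample of SIP requests seen at the IPPBX: "<source ip> <method>"
SAMPLE_LOG = """\
192.0.2.5 REGISTER
198.51.100.18 INVITE
203.0.113.77 REGISTER
203.0.113.77 INVITE
203.0.113.77 INVITE
192.0.2.200 OPTIONS
"""

def is_trusted(ip):
    """True if the address falls inside any configured trust zone."""
    addr = ipaddress.ip_address(ip)
    return any(addr in zone for zone in TRUSTED_ZONES)

def uninvited_sources(log_text):
    """Count SIP requests per (source, method) from outside every trust zone."""
    hits = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip lines that do not match the sample format
        ip, method = parts
        try:
            if not is_trusted(ip):
                hits[(ip, method)] += 1
        except ValueError:
            continue  # first field was not an IP address
    return hits

if __name__ == "__main__":
    for (ip, method), count in sorted(uninvited_sources(SAMPLE_LOG).items()):
        print(f"{ip:15} {method:9} {count} request(s) from outside the trust zones")
```

Note that 192.0.2.200 is flagged even though it sits near the trusted office range: the zone is a /28, not the whole /24, which is the point of limiting zones to known locations.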

Right on Target

Phones themselves can also be a target on an IP-based system. Many IP phones are programmable / configurable via telnet or a web browser interface. If a hacker can gain access to one of these interfaces, setting up call forwarding or other malicious activity directly on the phone may be possible. The phones typically ship with a default password which is easy to find by searching the web. Change the default password on all IP phones prior to installation. And, again, use class-of-service to limit International dialing on a per-user or per-group basis.

Cloud Telephony

Cloud Telephony opens up a new set of vulnerabilities and also brings some new tools to combat the threat. Hosted service providers and SIP trunking providers are juicy targets for hackers. One of the first considerations is to choose a provider that takes an aggressive stance toward fraud prevention. This means having the end-user sign off on their choices about International Dialing and International Call Forwarding. Having the ability to restrict International Dialing and International Call Forwarding on a per-account basis is good. Even better is the ability to restrict them on a per-number or per-user basis. Understand what the defaults are (allow/disallow) for your provider and modify user settings accordingly. Some providers also have the option to allow or disallow based on “high-cost” destinations. That gives you the option to allow generic International calling but block calls to those specific high-cost areas. See the table below.

| NPA | Country | NPA | Country |
|-----|---------|-----|---------|
| 684 | American Samoa | 671 | Guam |
| 264 | Anguilla | 876 | Jamaica |
| 268 | Antigua and Barbuda | 664 | Montserrat |
| 242 | Bahamas | 787 | Puerto Rico |
| 246 | Barbados | 939 | Puerto Rico |
| 441 | Bermuda | 670 | Saipan |
| 284 | British Virgin Islands | 721 | Saint Maarten |
| 345 | Cayman Islands | 869 | St. Kitts/Nevis |
| 767 | Dominica | 758 | St. Lucia |
| 809 | Dominican Republic | 784 | St. Vincent |
| 829 | Dominican Republic | 868 | Trinidad and Tobago |
| 849 | Dominican Republic | 649 | Turks & Caicos Islands |
| 473 | Grenada | 340 | U.S. Virgin Islands |
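The NPAs in the table are dialed in the same 1 + 10-digit format as domestic numbers, so a restriction that only looks for the 011 international prefix will not catch them. The following added example (not from the original article) audits call and call-forward records against the table; the record layout and sample numbers are constructed, and any outside-line prefix such as 9 is assumed to be stripped already.

```python
import re

# NPA -> country, taken from the table above.
HIGH_COST_NPAS = {
    "684": "American Samoa", "264": "Anguilla", "268": "Antigua and Barbuda",
    "242": "Bahamas", "246": "Barbados", "441": "Bermuda",
    "284": "British Virgin Islands", "345": "Cayman Islands",
    "767": "Dominica", "809": "Dominican Republic",
    "829": "Dominican Republic", "849": "Dominican Republic",
    "473": "Grenada", "671": "Guam", "876": "Jamaica", "664": "Montserrat",
    "787": "Puerto Rico", "939": "Puerto Rico", "670": "Saipan",
    "721": "Saint Maarten", "869": "St. Kitts/Nevis", "758": "St. Lucia",
    "784": "St. Vincent", "868": "Trinidad and Tobago",
    "649": "Turks & Caicos Islands", "340": "U.S. Virgin Islands",
}

# Constructed sample records: (extension, dialed number, "call" or "forward")
SAMPLE_RECORDS = [
    ("201", "1-876-555-0100", "forward"),
    ("202", "(212) 555-0123", "call"),
    ("203", "011 44 20 7946 0000", "call"),
    ("204", "+1 (809) 555-0199", "call"),
    ("205", "1100", "call"),  # internal extension, ignored
]

def classify(dialed):
    """Return the table's country, 'international (011)', or None."""
    digits = re.sub(r"\D", "", dialed)
    if digits.startswith("011"):
        return "international (011)"
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]  # drop the leading 1 of 1 + 10 digits
    if len(digits) == 10:
        return HIGH_COST_NPAS.get(digits[:3])
    return None

def audit(records):
    """List every call or forward whose destination should be reviewed."""
    findings = []
    for ext, dialed, kind in records:
        dest = classify(dialed)
        if dest:
            findings.append((ext, kind, dialed, dest))
    return findings

if __name__ == "__main__":
    for ext, kind, dialed, dest in audit(SAMPLE_RECORDS):
        print(f"ext {ext}: {kind} to {dialed} -> {dest}")
```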

Lock Down the Portal

Most Cloud Telephony services provide a web portal for administrative changes. Typically there is an administrative account set up for each billing account and a user account for each hosted seat (SIP trunking subscribers would just have the main admin account). Practice good password management for these login accounts. Use complex passwords (minimum 14 characters) and change them regularly. These are the keys to the castle! Guard them accordingly. Consider using a password manager like KeePass to keep track of them.

Has your phone system ever been hacked? What was your experience solving the problem? What steps have you taken to minimize your risk? Share your thoughts in the comments.
