Hackers of India

Hunting PBX for Vulnerabilities

Himanshu Mehta, Sachin Wagh

2018/06/29


Abstract

The main goal of this session is to walk through the multiple vulnerabilities present in PBX systems that may pose a threat to any individual or organization. This talk will demonstrate multiple exploitable security vulnerabilities, including impact, attack scenario and mitigations, that we came across while playing with different PBXs. Hackers could explore the vulnerabilities to launch various security attacks, and security professionals will learn how to mitigate them. Our presentation will not be limited to one PBX vendor, but will cover many.

A live demonstration of vulnerabilities.

It’s always exciting to know how the hackers are finding new ways to gain access to your organization. Protection of the PBX is thus a high priority. Private Branch Exchange (PBX) is an essential component that supports the critical functions of your organization.

In our talk, the following categories and demonstrations will be included:

Information Gathering

Internet connected PBX and gaining access

Password Security

Caller ID Spoofing

Softphone Security

Vulnerabilities

Impact

Mitigation

Failing to protect your PBX can expose your organization to loss of confidential information or financial damage. Most of the organizations which have implemented PBX are either unaware of the security issues with PBX or ignore them. The real key to effective security is to keep ourselves always updated. Once you understand the threat, you are in a much better position to deploy security effectively.