Hackers of India

Somebody Answer the Phone: Hacking Telephone Systems for Fun & Profit

By  Himanshu Mehta   Sachine Wagh  on 27 Nov 2018 @ Hitb Sec Conf


Presentation Material

Abstract

It’s always exciting to know how the hackers are finding new ways to gain access to your organization. Protection of the Private Branch Exchange (PBX) network is an often overlooked area though it is an essential component that supports the critical functions of your organization.

Failing to protect your PBX can expose your organization to loss of confidential information or financial damage. Most of the organizations which have implemented a PBX are either unaware or ignore the security issues with PBX.

This talk will demonstrate multiple exploitable security vulnerabilities including impact, attack scenario, and mitigations that we came across while playing with different PBX (private branch exchange) systems. Our presentation will not be limited to the one, but many PBX vendors.

The following categories and demonstration will be included:

– Information Gathering – Internet-connected PBX and gaining access – Password Security – Caller ID Spoofing – Softphone Security – Vulnerabilities – Impact – Mitigation