Hackers of India

Fuzzing DTMF Input Processing Algorithms

By  Rahul Sasi  on 20 Sep 2012 @ Ekoparty

Abstract

Our paper would be on DTMF input processing algorithms [DSP] , that are often embed into PBX, IVR, Telephone routers and other devices that process DTMF input. PBX and IVR servers are often deployed for running Phone Banking App Servers, Call Center Application and other systems that uses phone to interact with them. If an attacker could trigger exception in DTMF processing algorithms, then they could crash the entire application server making a single phone call, causing the entire Phone banking in accessible, or no calls to the costumer service goes through. One such denial of Service could cause a lot of panic and the amount of damage would be pretty huge. We will be demonstrating lot of amusing remote DTMF attacks on Phone Banking, Tele-Voting, and Customer Support applications using DTMF. This talk is recommended for Pentesters, PCI|DSS consultants, Telephone Companies, Banks or anyone who uses a device interacted via Telephone.