Code auditing can help prevent PBX phreaking

Fortify : 03 September, 2009  (Technical Article)
The recent high profile hack of a toll-free PBX in North Carolina illustrates the need for code auditing to close system back doors
Reports that a North Carolina business has been left with a $2,500 phone bill after phone phreakers hacked its PBX via the firm's toll-free (freephone) number show the danger of failing to audit all aspects of a system's software, says Fortify, the application vulnerability specialist.

'What this case shows is that, although the PBX supplier may have verified the security of the front line telephony interface on its PBX systems software, the hackers were able to break in via the side door effectively offered by the toll-free number,' said Richard Kirk, Fortify's European Director.

'This is because a growing number of toll-free service providers support access to the direct dial inwards (DDI) numbers seen on the PBX systems of small-to-mid-sized enterprises,' he added.

And, says Kirk, since these DDI numbers are mapped directly on to PBX extensions, the security level on this side-door method of access is often a lot lower than on the front door, the firm's main telephone number.

Of course, he explained, what makes matters worse about this hack is that the firm ended up paying for the hackers' incoming calls to its toll-free number, as well as the subsequent calls to foreign destinations.

According to the Fortify Director, the case proves that hackers can - and will - exploit the weakest link in the security of any public-facing computer system, whether that system is Internet-facing or telephone network-facing.

'It's therefore vitally important for any code developers working on such a system, whether it's PBX systems software, or an e-commerce application, to secure the side door entrances, as well as the front entrance,' he said.

'Just because the side door is not directly accessible at the moment, does not mean it won't become accessible at some time in the future, as new features and services are added to the software. Code auditing requires the use of lateral thinking in this regard,' he added.
   © 2012 ProSecurityZone.com