tag:blog.tmcnet.com,2013:/blog/tom-keating//4/tag:blog.tmcnet.com,2011:/blog/tom-keating//4.47781-Comments for AstriCon VoIP Security - $400,000 toll fraud - YIKES!VoIP & Gadgets blog - Latest news in VoIP & gadgets, wireless, mobile phones, reviews, & opinionsMovable Type 4.38tag:blog.tmcnet.com,2011:/blog/tom-keating//4.477812011-10-26T16:18:23Z2011-10-26T16:18:41ZAstriCon VoIP Security - $400,000 toll fraud - YIKES!During an AstriCon session on VoIP security the speaker discussed how easy it was to hack voicemail PINs, but not to listen to your voice messages but to initiate "call backs" using spoofed CallerIDs. Essentially, this leverages the "call back"...Tom Keatinghttp://blog.tmcnet.com/blog/tom-keating/ During an AstriCon session on VoIP security the speaker discussed how easy it was to hack voicemail PINs, but not to listen to your voice messages but to initiate "call backs" using spoofed CallerIDs. Essentially, this leverages the "call back" feature that many voicemail systems have to call back the person that left the message.
He then asked the audience for any real world examples of how they were hacked. Several volunteered their stories. I captured one of them where their Elastix server was hacked - due to their parent company locking them out of the server and not updating /patching the server. This resulted in the hackers racking up toll fraud (Korean calls) of $400,000! It's a fun watch. Enjoy! [HD available in full screen mode] ]]>