Phonetic attack commands crash bank phone lines

The attacks targeted the DTMF algorithms, which converted user commands into actions, such as pulling customer bank records from databases.

Vulnerabilities in those databases could be exploited by speaking attack commands down the phone. In one instance, Sasi triggered a buffer overflow against a demonstration system.

via Phonetic attack commands crash bank phone lines – Networks – SC Magazine Australia – Secure Business Intelligence.

More information on this from: DTMF Telephony Denial of Service (TDoS) Issues for IVRs

Since most of these attacks simply involve transmission of DTMF, they are very easy to execute and automate. These vulnerabilities could impact any IVR, whether it is TDM, VoIP, the latest UC, etc.
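The buffer overflow mentioned in the excerpt comes down to caller-keyed input reaching a fixed-size buffer or a database lookup unchecked. As an added example (not code from the article or from either source), here is one way an IVR handler could bound and allow-list DTMF symbols before using them; the function names, status codes and the 10-digit account length are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

#define ACCOUNT_DIGITS 10 /* assumed length of the expected entry */

enum dtmf_status { DTMF_OK, DTMF_BAD_SYMBOL, DTMF_TOO_LONG,
                   DTMF_BAD_LENGTH, DTMF_INCOMPLETE };

/* Hypothetical helper: clear the output so no partial entry is ever used. */
static enum dtmf_status reject(char *out, enum dtmf_status why)
{
    out[0] = '\0';
    return why;
}

/* Collect an account number keyed as DTMF and terminated by '#'.
 * tones/n is the untrusted symbol stream decoded from the line.
 * Only '0'-'9' count as data; '*', 'A'-'D' and anything else is refused.
 * Over-long input is rejected, not truncated, so a flood of digits
 * cannot be turned into a valid-looking lookup key. */
enum dtmf_status collect_account(const char *tones, size_t n,
                                 char *out, size_t out_sz)
{
    size_t len = 0;

    if (out == NULL || out_sz == 0)
        return DTMF_TOO_LONG;
    for (size_t i = 0; i < n; i++) {
        char c = tones[i];
        if (c == '#') {                      /* caller finished the entry */
            if (len != ACCOUNT_DIGITS)
                return reject(out, DTMF_BAD_LENGTH);
            out[len] = '\0';
            return DTMF_OK;
        }
        if (c < '0' || c > '9')
            return reject(out, DTMF_BAD_SYMBOL);
        if (len >= ACCOUNT_DIGITS || len + 1 >= out_sz)
            return reject(out, DTMF_TOO_LONG); /* bound checked before write */
        out[len++] = c;
    }
    return reject(out, DTMF_INCOMPLETE);     /* no '#' seen: do not act */
}

int main(void)
{
    char acct[ACCOUNT_DIGITS + 1];
    const char keyed[] = "1234567890#";      /* constructed sample input */
    enum dtmf_status s = collect_account(keyed, sizeof keyed - 1, acct, sizeof acct);
    printf("status=%d account=%s\n", s, acct);
    return 0;
}
```

The validated digits should still be passed to the database as a bound parameter, and because the tones are easy to automate, per-call and per-caller attempt limits belong alongside this check.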