Phonetic attack commands crash bank phone lines

The attacks targeted the DTMF algorithms, which converted user commands into actions, such as pulling customer bank records from databases.

Vulnerabilities in those databases could be exploited by speaking attack commands down the phone. In one instance, Sasi triggered a buffer overflow against a demonstration system.

via Phonetic attack commands crash bank phone lines – Networks – SC Magazine Australia – Secure Business Intelligence.

More information on this from: DTMF Telephony Denial of Service (TDoS) Issues for IVRs

Since most of these attacks simply involve transmission of DTMF, they are very easy to execute and automate. These vulnerabilities could impact any IVR, whether it is TDM, VoIP, the latest UC, etc.

The Call of the Future by Tom Vanderbilt

In 1986, the latest shift was “call waiting,” which Judith Martin compared to “standing at a cocktail party and not paying attention to the person you’re with, waiting for a more important person.” Now, of course, as we stand at that same cocktail party, fidgeting with our smartphones—which, despite rarely looking like something designed for speaking into, we not only talk on, but to (summoning the iPhone’s electronic concierge, Siri, for directions or the weather)—the interruptions that once occurred on the telephone line now occur in real time and space.

via The Wilson Quarterly: The Call of the Future by Tom Vanderbilt.