[OPLIN 4cast] OPLIN 4cast #548: Telephone attacks

OPLIN Support via OPLIN4cast oplin4cast at lists.oplin.org
Wed Jun 28 10:30:09 EDT 2017



OPLIN 4cast #548: Telephone attacks
June 28th, 2017

Here’s something to add to
your anxiety closet. We are starting to hear reports of libraries whose
VoIP telephone systems have been hacked. Many of us — especially if we’re
old enough to remember rotary dial phones
<https://en.wikipedia.org/wiki/Rotary_dial> — don’t give much thought to
phone security beyond being careful about what we tell people over the
phone. But Voice over IP phones are actually internet devices and, like
just about everything else connected to the internet, they can be hacked.
All of the articles linked below contain suggestions for protecting your
phone system from attacks. Of course, some of the suggestions include
buying their products, but most are sound advice.

   - The forgotten security frontier: How secure are your phone calls?
   <http://techseen.com/2017/02/14/phone-security-mykola-konrad/> (Techseen
   | Mykola Konrad)  “In the late 1990s and early 2000s, a lot of companies
   were part of a massive Voice over IP (VoIP) revolution that quietly moved
   most wired and wireless communications onto IP-based networks through a
   protocol known as SIP (Session Initiation Protocol). Most consumers weren’t
   even aware of the change. Prices did get cheaper, phone quality was
   initially an issue for some of the early adopters, but today it’s nearly
   impossible to tell the difference between a voice call that traverses the
   Internet and one that runs over a private network. But here’s the problem:
   the changeover was so subtle, many people kept thinking of their phone as a
   device connected to a private network, rather than one connected to the
   public Internet.”
   - Hello, you’ve been compromised: Upward attack trend targeting VoIP
   protocol SIP
   <https://securityintelligence.com/hello-youve-been-compromised-upward-attack-trend-targeting-voip-protocol-sip/>
   (IBM’s Security Intelligence | Michelle Alvarez)  “Because VoIP routes
   calls through the same paths used by network and internet traffic, it is
   also subject to some of the same vulnerabilities and threats cybercriminals
   use to exploit these networks. VoIP traffic can thus be intercepted,
   captured or modified and is subject to attacks aimed at degrading or
   eliminating service. VoIP technology allows malicious individuals to
   conduct caller ID spoofing with minimal cost and effort. This enables
   attackers to obtain information or facilitate additional scams against
   their targets.”
   - How vulnerable is your SIP?
   <http://www.nojitter.com/post/240172189/how-vulnerable-is-your-sip> (No
   Jitter | Andrew Prokop)  “I won’t ask for a show of hands, but how many of
   you log into your SIP phones with a password identical to your extension?
   If not that, how many of you use ‘1234’? Unfortunately, I come across both
   all the time. Sometimes these inadequate passwords are due to a lack of
   understanding of just how dangerous they are, but it’s often the fault of
   the communications system itself. I don’t want to name names, but I know of
   some really big communications products that do not provide their VoIP
   users with an easy way to change the passwords on their endpoints.”
   - Call analytics & reporting — How to prevent and detect toll fraud
   <https://www.commstrader.com/guides/technology-track/call-reporting/prevent-detect-toll-fraud/>
   (Comms Trader | Paul Newham)  “The problem with VoIP toll fraud is, once a
   single extension has been hacked, it can easily be used to replicate extra
   channels, so fraudulent use multiplies very quickly. Huge bills can be run
   up very quickly, and not only that, the criminals can access sensitive
   information, such as contacts directories and personal or customer details
   left on recorded calls.”

*Articles from Ohio Web Library <http://ohioweblibrary.org>:*

   - VoIP security — Attacks and solutions.
   <http://search.ebscohost.com.proxy.oplin.org/login.aspx?direct=true&db=cph&AN=33278543>
   (*Information Security Journal: A Global Perspective*, May 2008,
   p.114-123 | Santi Phithakkitnukoon, Ram Dantu and Enkh-Amgalan Baatarjav)
   - Intrusion detection in voice over IP environments.
   <http://search.ebscohost.com.proxy.oplin.org/login.aspx?direct=true&db=buh&AN=40734872>
   (*International Journal of Information Security*, June 2009, p.153-172 |
   Yu-Sung Wu, Vinita Apte, Saurabh Bagchi, Sachin Garg and Navjot Singh)
   - Return of the phone phreakers: Business communications security in the
   age of IP.
   <http://search.ebscohost.com.proxy.oplin.org/login.aspx?direct=true&db=buh&AN=59858798>
   (*Security: Solutions for Enterprise Security Leaders*, April 2011,
   p.50-52 | Adam Boone)

------------------------------
The *OPLIN 4cast* is a weekly compilation of recent headlines, topics, and
trends that could impact public libraries. You can subscribe to it in a
variety of ways, such as:

   - *RSS feed.* You can receive the OPLIN 4cast via RSS feed by
   subscribing to the following URL:
   http://www.oplin.org/4cast/index.php/?feed=rss2.
   - *Live Bookmark.* If you're using the Firefox web browser, you can go
   to the 4cast website (http://www.oplin.org/4cast/) and click on the
   orange "radio wave" icon on the right side of the address bar. In Internet
   Explorer 7, click on the same icon to view or subscribe to the 4cast RSS
   feed.
   - *E-mail.* You can have the OPLIN 4cast delivered via e-mail (à la
   OPLINlist and OPLINtech) by subscribing to the 4cast mailing list at
   <http://lists.oplin.org/mailman/listinfo/OPLIN4cast>.

© 2016 Ohio Public Library Information Network