Global Communications
wp767209a5.png
wp7d25a6b1.png
wp6e166c19.png
wp0b903de2.png
wpe5933e95.png

FYI

Technical Field Reports

 Another version of voicemail hacking...

Voicemail hackers have recently been reported making use of the "remote call forwarding" feature of many voicemail system.   This is a method of turning on call forwarding for a specific extension on your phone system, the feature allows calls to be forwarded off site as an outgoing call to whatever number has been programmed.  The remote feature allows the user to not only turn on the feature but also to change the destination number remotely.  

Hackers have been found using this feature to be able to make international calls for the cost of either a local call or even toll free if the hacked system has a toll free number for access. Once the system has been reprogrammed the perpetrator has only to call the company's number and enter the extension number that has been hacked. The call will be forwarded to the destination number on another of the victim's phone lines, at the victim's expense.

Once again, proper use of passwords is the main protection against this type of attack.  Other types of  protection are mentioned in the previous articles below.

International Voicemail Hackers Attack U.S. Systems

Recent cases have been reported of voicemail systems being attacked.  In these particular incidents the hacker has been trying to force voicemail systems to place international calls to the Phillipines.  The number being dialed is similar in concept to the 900 numbers popular in the US, where the owner of the number will receive payment for every call that comes in.  Since these are international calls, the owner of the system under attack could be charged a very large amount by their long distance carrier.

The hacker makes use of voicemail features such as "beeper notification" or "off-site message notification", typically used to call a pager or cell phone number when a message has been left in a mailbox. These features can be accessed through a user's mailbox or through a system administrator's mailbox if they have no password assigned, or a very simple password.

We have dealt with three systems that have been attacked this way in the last four months.  The FBI told us that they have  received numerous complaints regarding this type of attack and that ATT has been tracking a tremendous volume of calls to the Phillipines recently.

What to look for?

1. Are your employees using their password feature?

2. Voicemail systems will usually tell you if someone had tried to enter your mailbox with an incorrect password- be suspicious if this occurs.

3. Note any odd activity on your phone system or voicemail system. Do lines appear to be in use when no one else is in the office such as after hours or at night?

4. Do your telephone bills show unusual activity such as frequent international calls?

What to do?

If you have any of the above symptoms or note other suspicious activity, contact us promptly to discuss what might be occurring and what steps can be taken to protect your systems.

For preventative measures check the following:

1. Make sure passwords are being used by all users, and not just the default passwords.

2. Make sure passwords or other security measures are in place for all administrative functions.

3. The voicemail ports can be programmed to deny access to outside lines.

4. If the voicemail needs outside access (such as for pager or cell phone notification), the ports can be toll restricted to prevent international or other 900 type calls.

Inter-Tel

Digital Terminal Spontaneous Off-Hook Problems

Inter-Tel has recently announced a field problem that affects the digital terminals. This problem is known as "Spontaneous Off-Hook". This problem can be very annoying and in some cases costly to fix and or resolve.

This problem involves both of Inter-Tel's phone manufacturers. The manufacturer's brand of LED and photo-interrupter components used to signal the on or off-hook is where the problem is occurring. It has been determined that the failure or degradation of these component parts is creating the "spontaneous off-hook" condition. To resolve this, Inter-Tel's Engineering Department has developed a new design of LED and photo-interrupter components.

Why is this a threat?

This problem could cause a telephone set to go off-hook on it's own, intermittently. When a phone is off-hook, that can open the audio path from the handset microphone to the line, allowing someone to listen in to conversations in the room if they had access to the phone wires.

What to do?

Always be observant of peculiar operation of your telephone set or system and report any oddities to your telecom personel. Follow up to see that any problems were identified and taken care of.