RE: Phone Switches + telephone banking etc

From: Vachon, Scott (Scott.Vachonat_private)
Date: Fri Jun 07 2002 - 05:53:30 PDT


    > was thinking today about phone switches, many of them are connected to
    >the internal LAN. Many of them record all the keystrokes made by the
    >individual phones (this is the important bit). If one could compromise a
    >phone switch (or wherever it stores its logs) then making free calls
    >would be a minor issue. The prize in this situation could be who phoned
    >what bank and if you can get the key presses then if that person has
    >used the automated telephone banking service, you will have (at a
    >minimum):
    > the account number 
    > sort code
    > any verification number
    >Has anyone done any work in this area?
    >I know many banks (at least in the UK) will say not to use their
    >service through cordless phones, maybe they should increase to include
    >corporate phone switches.
    
    In a past occupation, I worked with phone switches. Most have a bare minimum
    OS that runs on them, but for full functionality they are used with a
    separate host (or hosts). It is the host that provides the actual data
    exchanges, chooses the voice prompts to play, and responds to the keyed
    inputs. Now, is it possible to obtain information from the switch itself?
    Yes, if you can gain telnet or SNMP access to it, you can either make
    changes, or monitor/record keyed input. Could one make free calls? I would
    say yes. Given either the telnet or SNMP access, you could redirect the
    switch to use a host of your choosing.
    
    ~S~
    
    Disclaimer: My own humble 2 cents...
    


