Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spoken Commands Crash Bank Phone Lines

Posted by samzenpus on from the initiate-self-destruct-sequence dept.

mask.of.sanity writes "A security researcher has demonstrated a series of attacks that are capable of disabling touch tone and voice activated phone systems, forcing them to disclose sensitive information. The commands can be keyed in using touchtones or even using the human voice. In one test, a phone system run by an unnamed Indian bank had dumped customer PINs. In another, a buffer overflow was triggered against a back-end database. Other attacks can be used to crash phone systems outright."

16 of 178 comments (clear)

  1. Good by Anonymous Coward · · Score: 5, Funny

    I hate those automated prompts.

    1. Re:Good by JustOK · · Score: 5, Funny

      Press SQRT(-1) if this annoys you.

      --
      rewriting history since 2109
    2. Re:Good by dkleinsc · · Score: 3, Funny

      See, when you type swordfish, it shows to us as *******

      --
      I am officially gone from /. Long live http://www.soylentnews.com/
  2. Social engineering by BSAtHome · · Score: 5, Funny

    How is the turing test doing for social engineering an automated system?

    Maybe the system commited suicide after listening to those humans and just decided it was not woth it anymore.

  3. Would you like to hear other people's PINs? by pr0t0 · · Score: 5, Funny

    To hear the PINs of our other customers, please press 1, or say "yes" now.

    --
    I'm sorry, but your opinion seems to be wrong.
    1. Re:Would you like to hear other people's PINs? by frostfreek · · Score: 5, Funny

      0000
      0001
      0002
      :
      9999

  4. Oblig by gmuslera · · Score: 2, Funny

    Wonder of something like this happened.

  5. One trick by kilodelta · · Score: 3, Funny

    If you have the knack for it, whenever you encounter and IVR is to repeatedly scream a phrase at it, something like 'agent'. Good systems recognize the word and put you through to a human post haste. Shit systems, which are the predominant type, have something like a 30 or 60 second timeout before requiring human help.

    1. Re:One trick by P-niiice · · Score: 3, Funny

      I do this and get more and more pissed everytime I have to yell "Agent" at it. My kids get a huge laugh out of it everytime too.

  6. Re:What? by TWX · · Score: 5, Funny

    I'm not a programmer and I know what a buffer overflow is...

    It's when you use too much polishing compound on your buffer and it squirts out everywhere and ruins the paint on the car, right?

    --
    Do not look into laser with remaining eye.
  7. Re:Dilbert would be proud by TWX · · Score: 4, Funny

    DNWTFV...

    I'm sorry, but "shower scene" and "Dilbert" do not belong anywhere near each other.

    I had an involuntary mental image that it'd be like the shower scene from Starship Troopers but with the Dilbert characters, and then I threw up a little bit...

    --
    Do not look into laser with remaining eye.
  8. Re:What? by RaceProUK · · Score: 4, Funny

    Meh, why not?

    It fulfills the car-analogy requirement for this article at least.

    --
    No colour or religion ever stopped the bullet from a gun
  9. Re:What? by TWX · · Score: 5, Funny

    Ever contemplate how much pizza you really eat, by volume?

    Let "a" be the thickness of the crust, and let "z" be the radius.

    So, the volume of your slice, depending on how it's cut, is a fraction of pi*z*z*a.

    --
    Do not look into laser with remaining eye.
  10. Re:SQL Injection via voice? by Anonymous Coward · · Score: 5, Funny

    "Thank you for calling Mega Bank. Please say 'Customer Service' or 'Loan Application'."

    "SELECT password FROM members"

    "It sounds like you're trying to hack our system. Please hold while I access that data."

  11. Re:SQL Injection via voice? by Anonymous Coward · · Score: 3, Funny

    The article indicates that the attack was done by speaking attack commands.

    Attack commands?

    "DIE AND BURN IN HELL, YOU STUPID FUCKING PIECE OF SHIT VOICEMAIL SYSTEM!"
    "Okay. I will die now."
    *sound of distant explosion*
    "...huh. Cool. I didn't think it'd be that easy."

  12. Re:What? by MobileTatsu-NJG · · Score: 3, Funny

    Press one if you'd like to see those links again.

    --

    "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)