Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spoken Commands Crash Bank Phone Lines

Posted by samzenpus on from the initiate-self-destruct-sequence dept.

mask.of.sanity writes "A security researcher has demonstrated a series of attacks that are capable of disabling touch tone and voice activated phone systems, forcing them to disclose sensitive information. The commands can be keyed in using touchtones or even using the human voice. In one test, a phone system run by an unnamed Indian bank had dumped customer PINs. In another, a buffer overflow was triggered against a back-end database. Other attacks can be used to crash phone systems outright."

21 of 178 comments (clear)

  1. Good by Anonymous Coward · · Score: 5, Funny

    I hate those automated prompts.

    1. Re:Good by SJHillman · · Score: 5, Insightful

      I don't mind a lot of the entirely automated systems (although some are horrible), nor do I mind waiting for a human. However, it's the hybrid systems where you go through anywhere from five to twenty layers of prompts only to be connected to a human who then asks you all of the same questions as the automated system that I really hate.

    2. Re:Good by JustOK · · Score: 5, Funny

      Press SQRT(-1) if this annoys you.

      --
      rewriting history since 2109
    3. Re:Good by TheCarp · · Score: 5, Insightful

      I don't even mind the hybrid systems, in theory.

      What I mind is the last part. I am on with the machine, it collects all the info that a human operator would need, makes sense....helps speed things along, route calls, and keep the actual time of the operator useful, rather than monotonously getting account details....cool.

      In reality though, its exactly as you say.... I spend all that time on with the computer, give it all my info, verify my account...and then... the operator gets on and asks for all that info again....

      So it didn't save him from monotony, it didn't keep his time useful.... all it did was waste my time.... yay.

      --
      "I opened my eyes, and everything went dark again"
    4. Re:Good by h4rr4r · · Score: 5, Insightful

      Wasting your time is good for them, it reduces the number of hangups. Far more importantly It means hold times don't start until after all the prompts have been exhausted. This makes the call center numbers look great.

      Record a stupid metric get a stupid result.

    5. Re:Good by SlippyToad · · Score: 5, Interesting

      the operator gets on and asks for all that info again....

      I bitched about that once. Turns out, they are killing time while your screen comes up from their glacially-slow system.

      --
      One day I feel I'm ahead of the wheel / the next it's rolling over me / I can get back on / I can get back on
  2. Social engineering by BSAtHome · · Score: 5, Funny

    How is the turing test doing for social engineering an automated system?

    Maybe the system commited suicide after listening to those humans and just decided it was not woth it anymore.

  3. Would you like to hear other people's PINs? by pr0t0 · · Score: 5, Funny

    To hear the PINs of our other customers, please press 1, or say "yes" now.

    --
    I'm sorry, but your opinion seems to be wrong.
    1. Re:Would you like to hear other people's PINs? by frostfreek · · Score: 5, Funny

      0000
      0001
      0002
      :
      9999

  4. Video of the talk by Tryfen · · Score: 5, Interesting

    You can you watch a video of the talk on YouTube - or read the slides at BlackHat.

    Fairly interesting to see how buffer-overflows can occur in the most unlikely places.

    --
    If a square is really a rhombus, why aren't all triangles purple?
    1. Re:Video of the talk by bouldin · · Score: 5, Informative

      There's more detail here, including links to papers: http://voipsecurityblog.typepad.com/marks_voip_security_blog/2012/09/dtmf-telephony-denial-of-service-tdos-issues-for-ivrs.html

    2. Re:Video of the talk by MobyDisk · · Score: 5, Insightful

      I don't dare run Powerpoint files or Word documents I receive from my relatives. Yet here I am downloading one from Black Hat and I feel perfectly safe. The world has gone mad.

  5. Re:What? by RaceProUK · · Score: 4, Insightful

    buffer overflows

    Not everyone on here is a programmer.

    --
    No colour or religion ever stopped the bullet from a gun
  6. Re:What? by TWX · · Score: 5, Funny

    I'm not a programmer and I know what a buffer overflow is...

    It's when you use too much polishing compound on your buffer and it squirts out everywhere and ruins the paint on the car, right?

    --
    Do not look into laser with remaining eye.
  7. Re:Dilbert would be proud by TWX · · Score: 4, Funny

    DNWTFV...

    I'm sorry, but "shower scene" and "Dilbert" do not belong anywhere near each other.

    I had an involuntary mental image that it'd be like the shower scene from Starship Troopers but with the Dilbert characters, and then I threw up a little bit...

    --
    Do not look into laser with remaining eye.
  8. Re:What? by RaceProUK · · Score: 4, Funny

    Meh, why not?

    It fulfills the car-analogy requirement for this article at least.

    --
    No colour or religion ever stopped the bullet from a gun
  9. Re:What? by TWX · · Score: 5, Funny

    Ever contemplate how much pizza you really eat, by volume?

    Let "a" be the thickness of the crust, and let "z" be the radius.

    So, the volume of your slice, depending on how it's cut, is a fraction of pi*z*z*a.

    --
    Do not look into laser with remaining eye.
  10. Re:One trick by fuzzyfuzzyfungus · · Score: 4, Interesting

    If you have the knack for it, whenever you encounter and IVR is to repeatedly scream a phrase at it, something like 'agent'. Good systems recognize the word and put you through to a human post haste. Shit systems, which are the predominant type, have something like a 30 or 60 second timeout before requiring human help.

    Some systems may actually be responding to the vocal stress cues. In an effort to pretend to care, while minimzing the number of actual humans needed, some designs will prioritize the ones that sound increasingly angry so as to get them dealth with and out of the way. I find that it generally isn't difficult to convincingly emulate boiling rage, and(depending on whether the phone drone knows he is being dumped into a rage call or not) immediately switching to polite-and-businesslike when the human comes on usually works pretty well.

  11. Re:SQL Injection via voice? by Anonymous Coward · · Score: 5, Funny

    "Thank you for calling Mega Bank. Please say 'Customer Service' or 'Loan Application'."

    "SELECT password FROM members"

    "It sounds like you're trying to hack our system. Please hold while I access that data."

  12. Re:One trick by PRMan · · Score: 5, Interesting

    Pressing 0 works on a little more than half of systems. Make sure you keep pressing 0 in response to every prompt.

    --
    Peter predicted that you would "deliberately forget" creation 2000 years ago...
  13. seen it done. not new. by gigne · · Score: 5, Interesting

    Working in the industry, and having to read low level logs all of the time, I see this frequently.
    People will call up, wait for a silence, and after 500ms start pumping down DTMF signals. Often they do this with seemingly random patterns 3-4 times before giving up.
    often times they retry promps with longer and longer strings. This is old news.

    I am guessing there is a wardialler in ther that is looking for specific systems at the other end. Sort of known phreak attacks.

    Weird things like this exist and have existed for a long time. Hardware and software suppliers check for this now. We routinely check for stuff link this in dev and QA.

    The submitter is doing nothing new, nothing unknown or even clever. These sorts of phreaks are older than I am. meh.

    --
    Signature v3.0, now with 42% less memory usage.