Asterisk: A VoIP Hacker's Best Friend
Possibly the most disturbing news out of the Black Hat security conference last week was how Asterisk, the open source PBX, is being increasingly used by hackers in a wide variety of hard-to-stop VoIP hacks. Everyone, from home users to corporate networks, could become a target.
Talks at the show explained just how easily an Asterisk-based PBX can be used to launch attacks, notably "vishing" attacks, in which hackers use VoIP calls instead of phony Web links to steal personal and financial information.
Asterisk has become the hacker's favored tool because it's free, easy to use, and works with cheap, off-the-shelf hardware. Install Asterisk on an inexpensive PC, do a little tweaking, and you've got a full-blown PBX, something that previously would have been extremely expensive and time-consuming to do.L33tdawg: There are only a couple of seats left for The Grugq's Applied VoIP Phreaking training class that will be held on the 18th and 19th of September. This is the same training class that was carried out last week at Blackhat. If you want to have an inside look into breaking VoIP implementations and other nasties be sure you register now. The Grugq will also be releasing a new VoIP tool at HITBSecConf2006 called SIPhallis. The tool allows an attacker to carry out attacks ranging from the ability to make free calls to spoofing caller ID on a VoIP network.