FBI Warns of 'Vishing' Attacks using VoIP Software

12 December 2008

The FBI has identified a new technique used to conduct "vishing" attacks, where hackers exploit a known security vulnerability in Asterisk phone software.

Asterisk is free and widely used software developed to integrate Private Branch Exchange (PBX) systems with voice over internet protocol (VoIP) digital internet voice calling services.

However, early versions of Asterisk are known to have a vulnerability that cyber criminals can exploit to use the system as an auto dialler, generating thousands of vishing telephone calls to consumers within one hour.

Vishing is similar to e-mail phishing, as attackers pretend to be someone they're not. The difference is that they use voice rather than data services.

Digium, the original creator and primary developer of Asterisk, released a security advisory (AST-2008-003) in March 2008, which contains the information necessary for users to configure a system, patch the software, or upgrade it to protect against the reported vulnerability.

If consumers and firms fall victim to this exploit, their personally identifiable information (PII) will be compromised, said the FBI. To prevent further loss of PII and to reduce the spread of this new technique, the FBI said it is imperative that businesses using Asterisk upgrade their software to a version that has had the vulnerability fixed.

In addition, consumers should not release personal information in response to unsolicited telephone calls. "Providing your PII will compromise your identity," the FBI said.

"As with all types of scams, whether by computer, phone or mail, using common sense can protect you," said special agent Richard Kolko, chief of the national press office in Washington DC.
