Penetration Testing of PABX and Voicemail:

We provide penetration testing of all remote access devices connected to the PABX and voice switching systems and associated subsystems.

Objective: A security audit of your telephone and voicemail systems with the objective of “hacking into” your systems in a non-destructive manner using methodology in common use in Australia by the hacking community.
Outcome: To compare your firm’s security against industry best practice and make recommendations in order to mitigate the risk to your system. Identify security vulnerabilities and the measures required to resolve these vulnerabilities.

Our objective is to penetrate your telephone system (PABX) and voicemail system security in the same way as a phreaker (phone hacker) would. Our technical experts are successful in 93% of cases. We will provide a detailed report on our findings including suggested improvements to your security. Clients have found this valuable even in cases where we were unsuccessful in penetrating their security. Our fee is extremely cost effective and is much lower in cost than IT security penetration tests.

Traditional IT security policies and procedures only cover penetration from the Internet. They may even cover the modem on the voicemail server, but they usually do not cover the modem on your telephone system or the many ways of accessing the voicemail system from the public telephone network.

The Audit Diagram on the right provides an overview of the areas that our experts target to provide a comprehensive report identifying any risks with best practice recommendations.

We have extensive experience in exposing telephony security vulnerabilities utilising a combination of automated and manual techniques commonly used by the hacking community but not well known to the end users of PABX systems or to PABX maintainers.

Telecom Security has over time created processes, including automated systems, to streamline the testing process while maintaining “real world” hacking methodology. This allows us to provide this service extremely cost effectively.

This is a remote security audit and no onsite access is required.

We can tailor the audit to your specific requirements which would be agreed before the audit commences.

Telecom Security will conduct a “read only” review of your security. We will attempt to gain access using common PIN numbers and passwords and, depending on the outcome, will attempt other “read only” methods of entry including bypassing, cascading and vertical attacks. We will make no changes to the programming of any of your systems. If we gain access (and we are successful in 93% of cases) we will review configuration and programming to determine the extent of damage that a malicious hacker could cause and document this in the report.

Telecom Security will provide a comprehensive report with both best practice recommendations written for management and technical recommendations for the PABX maintainer to follow.

All of our reports are reviewed and signed off by a senior manager as meeting our stringent quality of service delivery standards.

PABX Review:

Our detailed audit of the Remote Access system has over fifteen independent tests covering:

Voicemail Review:

We have found Voicemail systems to be the least secure of all the components of a telephone system and have developed over thirteen security tests. These are performed on:

  1. Interactive Voice Response (IVR) / Automatic Call Distributor (ACD) systems
  2. Auto attendants
  3. Access to a user's voicemail messages
  4. Access to a user's voicemail set-up options

War Dialling:

War dialling is a method used by hackers and involves dialling a range of numbers to see if an automated system answers (usually a voicemail system or modem).

Telecom Security has been able to develop a combined automated and manual system which will enable us to war dial every number within the Indial range to expose security vulnerabilities, misconfigured devices, unsecured devices or even unknown devices or services. Our report details every number within the Indial range and what we were able to discover of that service.

War dialling is conducted outside of business hours.

We will war dial:

  1. Indial Range of each system including PSTN & ISDN services
  2. 1800/1300/13 Services where requested

Outcomes include identification of:

Multiple Sites:

Where an organisation has more than one site (i.e. offices in more than one location), it is not always necessary to audit every site. We would be pleased to discuss this with you.
