This has been bothering me, and I just can't let it go. A few days ago I had to make a call to a customer location for a support call.
They didn't pick the phone and there was no menu or even the call being dumped to voice mail. This isn't ground breaking news. It did get me nervous because of what I did hear. Automated message instructing the caller to enter their 4 digit PIN. You don't have to be a cybersecurity specialist to understand this vulnerability. There is a finite number of combinations that could be the PIN to get into that phone network. A brute force attack is conceivable.
Before anyone thinks "so what it is just access to one phone number?". This is is serious, not too long ago a few phone hackers were able to infiltrate the VOIP (Voice Over Internet Protocol) phone system a NJ company making automated calls to 900 numbers on a preassigned schedule. This lead to damages of a phone bill nearing $80,000 a month until it was found out and corrected. This has also happened to other companies but I'll leave that level of research to those that really want to know.
That customer's IT department was contacted. At this time it has not been corrected. If you are in IT or corporate security please look into your own systems. It is possible that what I encountered was an isolated incident that was over looked or it could be negligence. In a world where the words like cyber-attack, ransomware and advanced persistent threats are appearing more often in conversations these days I think it benefits us all to be cautious.
Comments