Businesses warned over VoIP PBX security

FBI and security specialists have uncovered a flaw on some systems that could leave the PBX open to external attack.

Networking

IP PBX installations are potentially at risk from external hacking attacks following the discovery of a major security flaw.

The discovery was revealed by the US Federal Bureau of Investigation (FBI) and relates to the Asterisk open-source product that turns a Linux computer into a VoIP phone exchange.

Hackers are exploiting the vulnerability in order to hijack a company's PBX to use it for so-called vishing' attacks, whereby people are duped into calling a fake call centre, usually based on the hijacked PBX, where they are then tricked into handing over their sensitive data. At the same time, the company suffering the PBX hijack is usually left with a hefty phone bill.

The FBI didn't reveal which versions of Asterisk were vulnerable in order to limit the amount of information on offer to hackers. However, upgrading to the latest version of the software will apparently fix the issue.

Asterisk, like several other open-source VoIP PBX systems, is used extensively in the small business arena due to its low deployment cost and good reputation for reliability and ease of use.

"The problem facing small business users of VoIP PBX systems is that although the PBX is hooked up to the regular telephone network and a company's broadband connection, most firms' IT security resources do not extend their complete protective envelope around the PBX platform," said Rob Rachwald, director of product marketing at application vulnerability specialist Fortify.

"This means that users of VoIP PBX systems who think their telephone system is covered by, for example, a firewall application, can wake up with a nasty surprise on the phone bill front, after their PBX system has been compromised."

Rachwald added that a growing number of open source applications, including Asterisk, are being security tweaked and installed on more secure dedicated appliances, rather than repurposed PCs.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

Cloud storage: How secure are Dropbox, OneDrive, Google Drive, and iCloud?
cloud security

Cloud storage: How secure are Dropbox, OneDrive, Google Drive, and iCloud?

13 Apr 2021
5G will accelerate cyber crime, predicts former White House CIO
5G

5G will accelerate cyber crime, predicts former White House CIO

13 Apr 2021
How to encrypt files and folders in Windows 10
encryption

How to encrypt files and folders in Windows 10

9 Apr 2021
The definitive guide to IT security
Whitepaper

The definitive guide to IT security

9 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021