Security IT

Spoken Commands Crash Bank Phone Lines

mask.of.sanity writes "A security researcher has demonstrated a series of attacks that are capable of disabling touch tone and voice activated phone systems, forcing them to disclose sensitive information. The commands can be keyed in using touchtones or even using the human voice. In one test, a phone system run by an unnamed Indian bank had dumped customer PINs. In another, a buffer overflow was triggered against a back-end database. Other attacks can be used to crash phone systems outright."
  • by Gotung ( 571984 ) on Monday September 17, 2012 @10:32AM (#41362363)
    "In one test, a phone system run by an unnamed Indian bank had dumped customer PINs" Sounds like a SQL injection attack, via voice. Lol. Little Bobby Tables strikes again.
  • Re:Good (Score:5, Insightful)

    by SJHillman ( 1966756 ) on Monday September 17, 2012 @10:36AM (#41362413)

    I don't mind a lot of the entirely automated systems (although some are horrible), nor do I mind waiting for a human. However, it's the hybrid systems where you go through anywhere from five to twenty layers of prompts only to be connected to a human who then asks you all of the same questions as the automated system that I really hate.

  • Re:What? (Score:5, Insightful)

    by RaceProUK ( 1137575 ) on Monday September 17, 2012 @10:38AM (#41362445)

    buffer overflows

    Not everyone on here is a programmer.

  • Re:Good (Score:5, Insightful)

    by TheCarp ( 96830 ) <sjc AT carpanet DOT net> on Monday September 17, 2012 @11:03AM (#41362761) Homepage

    I don't even mind the hybrid systems, in theory.

    What I mind is the last part. I am on with the machine, it collects all the info that a human operator would need, makes sense....helps speed things along, route calls, and keep the actual time of the operator useful, rather than monotonously getting account details....cool.

    In reality though, it's exactly as you say.... I spend all that time on with the computer, give it all my info, verify my account...and then... the operator gets on and asks for all that info again....

    So it didn't save him from monotony, it didn't keep his time useful.... all it did was waste my time.... yay.

  • Re:Good (Score:5, Insightful)

    by h4rr4r ( 612664 ) on Monday September 17, 2012 @11:10AM (#41362855)

    Wasting your time is good for them, it reduces the number of hangups. Far more importantly, it means hold times don't start until after all the prompts have been exhausted. This makes the call center numbers look great.

    Record a stupid metric get a stupid result.

  • by MobyDisk ( 75490 ) on Monday September 17, 2012 @11:53AM (#41363375) Homepage

    I don't dare run Powerpoint files or Word documents I receive from my relatives. Yet here I am downloading one from Black Hat and I feel perfectly safe. The world has gone mad.
