Dangerous Security Flaw Discovered in Widely Used Telephone Adapters
Analog Telephone Adapter (ATA) flaw enables telecom fraud, according to a new white paper.
ATLANTA, April 30, 2013 /PRNewswire/ — A new white paper from TransNexus describes a recently discovered security flaw in a widely used Analog Telephone Adapter (ATA) that enables hackers to secretly steal the SIP credentials of hundreds of thousands of SIP subscribers. The credentials can then be resold to enable wholesale telecom fraud.
Adding to the problems, though the hacked ATA devices will continue to function, leaving the compromised customer completely unaware of the attack, the device will stop talking to the carrier’s configuration server. When (and if) the security breach is discovered, a carrier cannot make a global change that is pushed out to all devices at once. Rather, the service provider must contact each individual device owner to perform a factory reset.
“Once we discovered this particular vulnerability, we were able to get ahead of it pretty quickly,” said Ryan Delgrosso, CTO at telecommunications provider, Phone Power. “We have seen other carriers with thousands of compromised accounts. We have since shared our findings with many other carriers, and have validated that this is happening across the industry, on a global scale. For many, this can be a nightmare scenario.”
The white paper, “VoIP Theft of Service: Protecting Your Network” details the complete ATA hacking scenario, as well as several other variations on International Revenue Sharing Fraud (IRSF). It also provides details on how to combat telecom fraud with fraud detection software, including TransNexus’s popular SDReporter. The white paper is available for free at http://www.transnexus.com/index.php/voip-theft-of-service.
This is the third installment of a series of white papers from TransNexus on the topic of VoIP fraud. The first two papers, “An Introduction to VoIP Fraud” and “VoIP Security Best Practices” are also available to download on the TransNexus website.
TransNexus is a software development company specializing in applications for managing wholesale VoIP networks. Important carrier features offered by TransNexus are fraud detection, dynamic least cost and quality of service routing, number portability, profitability analysis and wholesale billing. TransNexus is located in Atlanta, Georgia and is a privately held Delaware C corporation. For more information, visit http://www.transnexus.com.
SOURCE TransNexus, Inc.