Think like a hacker! Protect your telephone system – part 1: education

The modern Internet landscape can be a minefield for the layperson as well as the semi-literate. To keep an Internet-connected phone system secure and always online at all times, you need to be aware of possible security risks and also be able to manage them. This series of articles is dedicated to how best to protect your telephone system. The same principles and policies can be applied to any other system or network you manage.

In Part 1, we address the need for reconnaissance and information gathering as the first phase of the hacking methodology.

Here are dragons: Your current security landscape

Let’s start with some facts for a better understanding of the current environment in which your system operates:

FACT 1: As soon as you connect a system to a public IP, it immediately causes a flood of automated bot scans. These bots attempt to identify the running software and any open ports on your system to enable a targeted attack on discovered vulnerabilities.

FACT 2: Any software or hardware you use can and literally will be used against you. Software and hardware vulnerabilities in the system – whether disclosed or not – define your main risk for attacks on your system(s). Such vulnerabilities may include the following:

  • Compromises made during the design phase, z.B. Hidden and/or unsecured ports and APIs (Application Programming Interfaces) for remote management
  • Undisclosed software and/or hardware vulnerabilities, z.B. Backdooring or eavesdropping utilities
  • lax security measures that allow snooping, z.B. unencrypted data transfer via FTP, HTTP, email

FACT 3: Most successful hacks are neither detected nor confirmed. Gone are the days of publicly defaced servers just for fun. Such shenanigans have been replaced by malicious, covert and prolonged hostile takeovers of systems with far more serious intentions and purposes. A typical case is an attack in which data is held "hostage" or threatened to be released unless a ransom is paid to the perpetrator.

FACT 4: Compromised systems are very valuable to malicious actors because they can be used and abused for a variety of purposes. The dark web hosts a number of opaque marketplaces where access to compromised servers and confidential information is negotiated, bought and sold for virtual currencies.

FACT 5: Phishing and other social engineering tactics represent a lucrative business for cyber criminals. Their main goal is to skim credentials of users or administrators via emails, phone calls or even personal visits.

FACT 6: Another very real and challenging threat is trusted insiders using their privileged access for targeted manipulation and/or malicious machinations. These people can cause damage in various ways – in most cases by sneaking out confidential data unnoticed.

Phase 1: Reconnaissance& Information Retrieval

The main goal of reconnaissance is to analyze all the information about your network and/or devices and gain valuable insight from these. This learning process is ultimately aimed at finding the "path of least resistance" to gain access and compromise a target. In essence, such a reconnaissance operation consists of scanning a target network or system with the intention of carrying out a precise and undetected attack -just as a hunter observes the behavior of his prey prior to the attack.

Reconnaissance methods

Especially if it is a VoIP target, the attacker may be interested in obtaining information about network hosts/servers, including the type and version of PBXs, VoIP media gateways, and SIP clients. The reconnaissance is a crucial part of the hacking methodology and serves as a basis for all subsequent actions. To hack a system, you must first identify its nature and characteristics. Reconnaissance can be categorized into the following activities:


In passive mode, an attacker collects information without interacting directly with the target. OSINT (Open-Source Intelligence) can be used to find information about internal and external networks from publicly available sources. This extremely powerful method can provide valuable results from a variety of sources, including public IP and DNS history, WHOIS databases, cloud storage buckets, and social media accounts. Be aware that any information you post is of value to someone, somewhere.


In active mode, an attacker interacts directly with the target to identify points of interest.


One way of active reconnaissance is to scan all services/endpoints identified in the search for live systems, open ports and any running services, including their version. In this way, z.B. Identify the software running on a server/service by checking its specific listening ports and/or looking for a web interface that promotes that particular brand/version. Other typical actions include mapping the network and devices using tools such as "nmap" or spoofing Address Resolution Protocol (ARP) messages in LAN devices to perform a Man In The Middle (MITM) attack.

Social Engineering

Another method of obtaining valuable information about a target is social engineering. This requires direct contact via e-mail, telephone or a personal encounter with a target person. A good example is calling as a supposed support technician under the pretext of solving a problem, for which sensitive or confidential information is requested by the called employee. Social engineering is directly related to phishing methods.


This method aims to capture data packets over the local network. An attacker here uses various methods to receive packets destined for other devices and examines them for sensitive information such as usernames, passwords, keys and files.

Using the information gathered by the methods mentioned here, an attacker can now easily proceed with the process of data accumulation. The goal here is to collect and extract additional information from the various identified services – including users, emails, directories, hostnames, network shares, applications and more. A common occurrence with VoIP is default credentials used in devices such as gateways and/or IP phones.

So much for the first part of our series about the security of your phone system. We welcome your comments and suggestions in our forum.

Like this post? Please share to your friends:
Leave a Reply

;-) :| :x :twisted: :smile: :shock: :sad: :roll: :razz: :oops: :o :mrgreen: :lol: :idea: :grin: :evil: :cry: :cool: :arrow: :???: :?: :!: