Dangerous security flaw discovered in widely-used telephone adapters

A new white paper from TransNexus describes a recently discovered security flaw in a widely used Analog Telephone Adaptor (ATA) that enables hackers to secretly steal the SIP credentials of hundreds of thousands of SIP subscribers. The credentials can then be resold to enable wholesale telecom fraud.

Compounding the problem, a hacked ATA continues to function, leaving the compromised customer completely unaware of the attack, but it stops talking to the carrier’s configuration server. When (and if) the security breach is discovered, the carrier therefore cannot push a global change out to all devices at once. Instead, the service provider must contact each individual device owner to perform a factory reset.

“Once we discovered this particular vulnerability, we were able to get ahead of it pretty quickly,” said Ryan Delgrosso, CTO at telecommunications provider Phone Power. “We have seen other carriers with thousands of compromised accounts. We have since shared our findings with many other carriers, and have validated that this is happening across the industry, on a global scale. For many, this can be a nightmare scenario.”

The white paper, VoIP Theft of Service: Protecting Your Network, details the complete ATA hacking scenario, as well as several other variations on International Revenue Sharing Fraud (IRSF). It also provides details on how to combat telecom fraud with fraud detection software, including TransNexus’s popular SDReporter.
