The Phony Pony: Phreaks Blazed The Way

DerbyCon V - Unity

Presented by: Patrick McNeil, Owen (Snide)
Date: Friday September 25, 2015
Time: 18:00 - 18:50
Location: Track 3
Track: Teach Me

Exploring the phone system was once the new and exciting realm of phone phreaks, an ancestor of today’s computer hackers. The first phreaks owned and explored the vague mysteries of the telephone network for a time until their activities drew too much attention from the phone companies and law enforcement. The phone system evolved, somewhat, in an attempt to shut them out, and phreaking became both difficult and legally dangerous. Such events paralleled a new personal computer revolution wherein phone phreaks made the transition from the secret subtleties of telephony to the new and mystical frontier of personal computing. Private BBS(s) and, eventually, the Internet was not only the next logical step forward, but also provided safer alternatives that still allowed for the thrill of exploring the mysteries of a new modern age. Telephony, and voice security in general, became, as the years passed, something of a lost art to all but those who remember… In this presentation we begin our adventure with a journey back in time, when users required an operator at the switchboard to make a call. We will briefly take a look at the weaknesses of early telephone systems and the emergence of the original phreaks in the 50’s and 60’s who found and exploited them. Our journey will also allow us to demonstrate how some of the same basic phreaking approaches are still applicable to today’s “advanced” VoIP systems. Certainly the initial creation and emergence of VoIP opened a variety of attack vectors that were covered at security conferences at the time. Commercial VoIP adoption, however, remained stagnant until standards and carriers caught up. Some VoIP hacking tools were left unmaintained, and VoIP wasn’t the sexy and mysterious attack vector it once was with the exception of tricksters who found old or insecure systems to be easy targets. Due to increased VoIP adoption over the last few years, however, telephony attacks are provocative once again. We’ll unravel the mysteries of the curious world of phreaks, tricksters, and VoIP hackers. We’ll compare and contrast old school phreaking with new advances in VoIP hacking. We’ll explain how voice systems are targeted, how they are attacked using old and new methods, and how to secure them - with demonstrations along with practical and actionable tips along the way. We’ll even be providing an update to Phreakme - our new VoIP telephony phishing tool that fuses the past and the present.

Patrick McNeil

Owen


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats