Brute Forcing Interactive Voice Response (IVR) Systems

Presented at DEF CON 19 (2011), Unknown date/time (Unknown duration).

This talk proposes a concept about brute forcing IVR systems using popular VOIP / calling programs. The technique suggested here can be used to brute force DTMF flavored IVRs including those in the banking sector. The proposed concept attempts to integrate the VOIP program's API with existing speech APIs such as Java Speech API or Microsoft Speech SDK and build an automated IVR brute forcer.


Presenters:

  • Harish Skanda Sureddy
    Harish Skanda Sureddy is a security researcher primarily focusing on application and mobile security and malware research. He has close to five years of experience and is currently employed with one of the leading consulting firms. He has presented a paper on Web Application Penetration Testing in QAI Summit 2007 in Bangalore, India and is also one of the authors of the OWASP Testing Guide v3.

Links:

Similar Presentations: