Weaponize Your Feature Codes

Presented at DEF CON 24 (2016), Aug. 4, 2016, 1 p.m. (60 minutes)

Almost everyone is familiar with feature codes, also known as star codes, such as *67 to block caller ID or *69 to find out who called you last. What if the feature codes could be used as a weapon? Caller ID spoofing, tDOSing (Call flooding), and SMS flooding are known attacks on phone networks, but what happens when they become as easy to launch as dialing *40? Weaponize Your Feature Codes will first take the audience through a brief history of feature codes and common usage, and then demonstrate the more nefarious applications. The presentation will share the Asterisk code used to implement these "rogue" features, and mention possible ways of mitigation. While this talk builds upon previous work from the author, referenced in past DEF CON presentations, the new code written makes carrying out such attacks ridiculously easy

Presenters:

• Nicholas Rosario / MasterChen - VoIP Administrator   as Nicholas Rosario (MasterChen)
  Nicholas RosarioMasterChen, is currently a VoIP Administrator. He has been published in 2600: The Hacker Quarterly twice for his research on the Asterisk PBX system and has given presentations at BSides Las Vegas and the DEF CON 303 Skytalks. His most recent research blends technology with psychological principles. MasterChen is an active member of the SYNShop hacker space in Las Vegas, NV and a co-founder and host of the weekly GREYNOISE infosec podcast. Twitter: @chenb0x Instagram: @chenb0x website

Links:

• https://defcon.org/html/defcon-24/dc-24-speakers.html#Rosario
• https://infocon.org/cons/DEF CON/DEF CON 24/DEF CON 24 video and slides/DEF CON 24 - MasterChen - Weaponize Your Feature Codes - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=5RrvZicVoZw

Similar Presentations:

• H2K2 (2002) / Caller ID Spoofing