摘要:Telephony is a global service and thus telephone networks have been a coveted target for criminals. Now that voice can be transported over IP and that multiple services are integrated in a convergent model through Internet, there are more incentives to attack and more attackers. Moreover, the development of open source telephone applications has encouraged the massive use of IP telephony, but not an increased awareness about embedded security risks. Due to the current and intensive adoption of IP telephony systems in Ecuador, we conducted an exploration based on public information to obtain statistics about telephone systems connected to Internet in Ecuador. Additionally, using a deliberately vulnerable IP telephony system, we collected more data to do a preliminary analysis of threats to such systems. We found that hundreds of telephone systems were publicly available on the Internet and using outdated versions of Asterisk-based applications. We also found thousands of malicious interactions on the IP telephony system we deployed on the Internet.
