War Dialing/Telephony Penetration Testing (aka Phone Hacking)

How to protect your money and data from Phone Hacking

Nano IT Security offers war dialing pentesting war dialing pentesting to prevent money and data theft.  “War Dialing” is one of the many avenues of entry/information gained via remote access through a dial-up connection to other phone controlled systems (IVR, DISA etc).


The attack method is known as “War Dialing” (aka Phone Hacking) and is now being easier to perform due to the explosion in VOIP services and providers.


War Dialing is a technique used  to perform “port scanning” but for telephones. Numbers are dialed systematically and the answering tones are assessed. Just as with a port scanner, available a War Dialing assessment looks for answering resources and then the attacker can then attempt to attack the service in order to gain access.

We produce a comprehensive report covering the approach, the techniques utilized, and the vulnerabilities identified.  The detailed report contains recommendations to ensure that your systems are secured against the attack.  Nano IT’s War Dialing Penetration Test follows documented security testing methodologies which include:

  • Footprinting of organisation phone ranges.
  • Connection testing of discovered ranges (War dialing).
  • Attempt access to discovered services (eg. Modems, PABX DISA services, Voicemail Systems, Menu systems etc.)

Why should you perform a War Dialing PenTesting?

A War Dialing Pentesting allows organisations to test, if an attacker is able to discover the services and then the likelihood of an attacker to gain access to data or perform service abuse at the cost of the victim.

While dial-based exposures were the original hackers’ entry points, in recent years IT managers have focused assessment monies on Internet-based vulnerabilities, largely ignoring those associated with their telephone systems.

But these phone-based vulnerabilities represent the easy way into many network environments still to this day. The best firewall cannot protect against rogue modems operating on critical servers or user desktops.

Test your telephony ‘s security

Best Practice recommends that each organisation perform Pentesting (War Dialing PenTesting/Web Application Pentesting/Internal Pentesting/External Pentesting) as part of their regular Security Program in order to ensure the security of their telecom security defenses.
error: Content is protected !!