Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Toll Fraud activity on Mitel Voicemail

Status
Not open for further replies.
kwbMitel

kwbMitel

Technical User
Oct 11, 2005
11,503
0
36
CA
I don't know if it's just my territory or more global but I'm seeing a lot of activity on voicemail hacking.

Here is a copy of what I sent to my Mitel Rep recently

Mitel Embedded voicemails are a target of opportunity mainly in the hospitality industry.

A system is at risk in the following scenario
[ul]
[li]The voicemail system runs as an auto-attendant at any time during the day[/li]
[li]The voicemail ports are unrestricted for long distance and conferencing[/li]
[li]And either of the following:[/li]
[li]The Administrator mailbox (99, 999, 9999, 99999) has a default passcode[/li]
[li]Specifically, if the Technicians passcode is left at default (quite likely)[/li]
[li]The Attendant Mailbox (0) is left with a default passcode[/li]​

[li]With the above at risk, unauthorized persons can reconfigure the dial zero routing on the system to dial an external number for toll fraud purposes.[/li]
[/ul]
Remedy for hacked system
[ul]
[li]Change Administrators MB passcodes[/li]
[li]Technician[/li]
[li]Administrator[/li]
[li]Manager[/li]​

[li]Change the Attendant MB passcode[/li]
[li]Verify that the attendant mailbox dials the appropriate extension (0) or site specific extension.[/li]
[li]Access the personal directory numbers for the dial zero mailbox and verify none are set or that they are set appropriately[/li]
[li]Advise customer to avoid simple passcodes for regular mailboxes[/li]
[li]Verify that the Voicemail ports are restricted from dialing long distance[/li]
[/ul]


**********************************************
What's most important is that you realise ... There is no spoon.
 
Sort by date Sort by votes
whay do they need the ports left at unrestricted ?
we just lock them all ( embedded and Nupoint ) to Country wide - not international , that stops any intereset , it seems that international and premium number calling is the main reason for hacks these days

If I never did anything I'd never done before , I'd never do anything.....

 
Upvote 0 Downvote
kwbMitel, I am close to your region and I have seen the hacking also of late, all good points
 
Upvote 0 Downvote
@Billz66

Leaving the ports unrestricted is typically laziness or ineptitude on the part of the installer
Leaving the Tech passcode open is typically due to ignorance of its existence (especially on SX-200's)
Leaving the MB Zero at default might be due to false security or rarity of actual usefulness



**********************************************
What's most important is that you realise ... There is no spoon.
 
Upvote 0 Downvote
At least with the later versions the system enforces you to set a admin,manager and technician code in the VM Option form. (on 3300)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

LidLock Technologies
  • Locked
  • Question
Mitel NuPoint Voicemail
Replies
4
Views
89
LidLock Technologies
LidLock Technologies
JSpirate213
  • Locked
  • Question
Locating Voicemail Only Extensions Nupoint Web Counsel/Mitel 3300
Replies
1
Views
85
kwbMitel
kwbMitel
Asterixx
  • Question
mitel alarm
Replies
1
Views
200
Lundah
Lundah
dmanghani
  • Question
Mitel MiVoice Solution
Replies
2
Views
200
sarond
sarond
stevea2Z
  • Question
mitel 400 multisite
Replies
1
Views
183
Cody2020
Cody2020

Part and Inventory Search

Sponsor

Back
Top