Almost everyone is familiar with feature codes, also known as star codes, such as *67 to block caller ID or *69 to find out who called you last. What if the feature codes could be used as a weapon? Caller ID spoofing, tDOSing (Call flooding), and SMS flooding are known attacks on phone networks, but what happens when they become as easy to launch as dialing *40?
Weaponize Your Feature Codes will first take the audience through a brief history of feature codes and common usage, and then demonstrate the more nefarious applications. The presentation will share the Asterisk code used to implement these “rogue” features, and mention possible ways of mitigation. While this talk builds upon previous work from the author, referenced in past DEF CON presentations, the new code written makes carrying out such attacks ridiculously easy
Nicholas RosarioMasterChen, is currently a VoIP Administrator. He has been published in 2600: The Hacker Quarterly twice for his research on the Asterisk PBX system and has given presentations at BSides Las Vegas and the DEF CON 303 Skytalks. His most recent research blends technology with psychological principles.
MasterChen is an active member of the SYNShop hacker space in Las Vegas, NV and a co-founder and host of the weekly GREYNOISE infosec podcast.