These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can record these frequencies and use them to
activate services or to get sensitive information.
Summary: Dual-tone multi-frequency signaling (DTMF) is a voice-frequency used in
Interactive Voice Response systems (IVRs).
For each key pressed, a dial tone is created by combining the frequencies of the
corresponding numbers row and column. For example, the dial tone of “5” is created by
combining the frequency of “770Hz” and “1336 Hz” and the resultant is the frequency
Abstract: The attack is a phreak attack on IVR systems which are yet to be completely
made VOIP. These Interactive Voice Response systems work on frequency and based on the frequency certain commands and functions are processed. Since these frequencies are generated by the phone, these frequencies are recorded and used to activate services or to get sensitive information for one or multiple users at the same time.
Steps to reproduce attack:
Possible attack scenarios: In the attack scenarios described above we only used
frequencies that of dial tone from 0-9, it is possible to disrupt the systems, control any
users IVR input and subscribe for services, change settings, extract information and
can also cause a denial of service.
CVE-2018-11518 is been assigned to HCL legacy IVR systems, however our research
says IVR belonging to the vendors such as IBM, COMVIVA, SPICEDIGITAL might be
vulnerable to such attacks.