5 research outputs found

    Side-Channel VoIP Profiling Attack against Customer Service Automated Phone System

    Full text link
    In many VoIP systems, Voice Activity Detection (VAD) is often used on VoIP traffic to suppress packets of silence in order to reduce the bandwidth consumption of phone calls. Unfortunately, although VoIP traffic is fully encrypted and secured, traffic analysis of this suppression can reveal identifying information about calls made to customer service automated phone systems. Because different customer service phone systems have distinct, but fixed (pre-recorded) automated voice messages sent to customers, VAD silence suppression used in VoIP will enable an eavesdropper to profile and identify these automated voice messages. In this paper, we will use a popular enterprise VoIP system (Cisco CallManager), running the default Session Initiation Protocol (SIP) protocol, to demonstrate that an attacker can reliably use the silence suppression to profile calls to such VoIP systems. Our real-world experiments demonstrate that this side-channel profiling attack can be used to accurately identify not only what customer service phone number a customer calls, but also what following options are subsequently chosen by the caller in the phone conversation.Comment: 6 pages, 12 figures. Published in IEEE Global Communications Conference (GLOBECOM), 202

    A Study of Scams and Frauds using Social Engineering in “The Kathmandu Valley” of Nepal

    Get PDF
    Social Engineering scams are common in Nepal. Coupled with inability of government to enforce policies over technology giants and large swaths of population that are uneducated, social engineering scams and frauds are a real issue. The purpose of the thesis is to find out the extent and impact of social engineering attacks in “The Kathmandu valley” of Nepal. The Kathmandu valley consists of 3 cities including the capital city of Nepal. To conduct the research, the newspaper “The Kathmandu Post” from the year 2019 to 2022 was downloaded and searched for keywords “scam” and “fraud”. After which the results were manually examined to separate news reports of social engineering attacks in Nepal and other countries. Also, a survey was conducted by visiting parks in the Kathmandu valley. A total of 149 people were interviewed to collect data by asking 21 questions regarding social engineering attack faced by the interviewee. Further, literature review of the research papers published related to social engineering and phishing was conducted. The main finding of the thesis was that public awareness program are effective reducing the extent and impact of social engineering attacks in Nepal. The survey suggests large percentage of population have become victims of social engineering attack attempts. More than 70 percent have received messages on WhatsApp regarding fake lottery wins
    corecore