Categories
News Hacking

Apple Targeted in Ransomware Attack, Hackers Demanded $50 million

Recently, Apple has been hit by a ransomware attack. The hacker group is named “REvil” has said that they have stolen data and schematics from an Apple supplier. However, the hacker gang demanded $50 million, if not they would sell the data.

Apple Hit by REvil Ransomware Attack before ‘Spring Loaded’ Event

Apple Targeted in Ransomware Attack, Hackers Demanded $50 million

Hackers have got access to the plans of the upcoming product by Apple. According to Kaspersky Security, REvil is available on the dark-web forums in the form of a subscription. It has two groups of attackers, the first one find the breach and injects REvil and the second one creates malware.

The ransom attack was first revealed by a group of hackers on the dark web dubbed as “Happy Blog”. They claim the ransomware attack on Quanta Computer. However, the group first attempted to have a deal with the supplier, and it posted the details of the Apple devices before the “Spring Loaded” event.

The REvil group is also known as Sodinokibi. It is said that on the dark Web it got access to the computer network of Apple Supplier Quanta Computer. It is a Taiwan-based hardware manufacturer that supplied MacBook Air, MacBook Pro, and Apple Watch.

The hackers shared some schematics that look like the new iMac and new MacBook models. The operator of Ransomware has warned Apple to buy the available data by May 1 if they don’t want further leaks of its data.

Until Apple gets ready, the hackers have threatened to post new files every day. They have also said that they are negotiating the sale of large quantities of drawings and gigabytes of personal data with some major manufacturers.

Quanta Computer has not given any clarity on whether it is negotiating with REvil group or not.

A spokesperson from Quanta Computer said,

“Quanta Computer’s information security team has worked with external IT experts in response to cyberattacks on a small number of Quanta servers. We’ve reported to and kept seamless communications with the relevant law enforcement and data protection authorities concerning recent abnormal activities observed. There’s no material impact on the Company’s business operation.”

Categories
News Hacking

Domino’s India Hack: Sensitive User Data, 10 Lakh Credit Cards Details Leaked Online

What is it with 2021 and data breaches? It seems like hackers have become hyperactive amidst the pandemic and are breaching the security of major companies like Facebook, Mobikwik, and LinkedIn. Now, as per recent reports, sensitive customer and employee information of Domino’s India, including credit card numbers, phone numbers, and names, have allegedly leaked on the dark web.

Although nothing is substantial, as of now, Alon Gal, the CTO of cybersecurity firm Hudson Rock shared a tweet about Domino’s India’s data leak. As per the tweet, a “threat actor” has allegedly hacked Dominos India’s database and stole 13TB worth of data. You can check out the tweet right below:

Domino’s India Data Leaked

The leaked data includes sensitive information of millions of customers including details close to 18 crores orders, ten lakhs credit cards, real names, addresses, email IDs, and payment details. Apart from these, the data also allegedly includes data of Dominos India’s internal files from 2015 to 2021. This even includes the personal info of around 250 employees, as per screenshots.

As per the reports, the hacker is also aiming to build a search system for the 13TB database to query the leaked data. Moreover, according to Gal, the hacker is selling the data for around 10 BTC, which translates to $569,000 or Rs 4.25 crores considering the current market rate of Bitcoin.

Following the alleged data leak, Gadgets 360 reached out to Dominos India to comment on the topic. As per a company spokesperson, Jubilant Foodworks, which runs the Dominos franchise in India, Srilanka, and Bangladesh, has denied the data leak. However, as per the statement, the firm did experience “an information security incident recently.”

“No data pertaining to financial information of any person was accessed and the incident has not resulted in any operational or business impact. As a policy we do not store financial details or credit card data of our customers, thus no such information has been compromised,” added the spokesperson.

“Our team of experts is investigating the matter and we have taken necessary actions to contain the incident,” the statement further added. With this in mind, we suggest you reset your password on the Domino’s India app (AndroidiOS) right away.

Categories
Hacking

10 Best Operating Systems For Hackers [2021]

Lots of people consider ‘Hacking’ as an evil and illegal thing. However, it’s not true at all. Hacking has always been a part of computing, and it’s a much broad subject than you think. An ethical hacker’s work is to find loopholes or vulnerabilities in-network or any other protocol.

There are lots of people who are willing to learn ethical hacking. There are many courses available on the web, which can help you understand ethical hacking in a few years. If you are also willing to learn to hack, you should start using the Linux distro immediately.

1. Kali Linux

Kali Linux

Well, Kali Linux is by far the most popular Linux distribution for digital forensic and penetration testing. You won’t believe it, but the operating system offers over 600+ penetration-testing applications. It supports both 32-bit and 64-bit images for use with x86 machines. Kali Linux even supports a wide range of development boards like BeagleBone, Odroid, CuBox, Raspberry Pi, and more.

2. Backtrack

Backtrack

Backtrack is another best and popular Linux-based operating system widely used for penetration testing and security research. You won’t believe it, but the operating system provides users access to a wide range of security-related tools for port scanning, Security audit, WiFi inspection, and more. One can run Backtrack directly from the USB as it’s a portable tool and doesn’t require installation.

3. Pentoo

Pentoo

Pentoo is another best Linux-based operating system widely used for security and penetration testing. The operating system is based on Gentoo Linux, and it brings a wide range of tools to support your ethical hacking process. On the top, it’s just Gentoo Linux, but it has lots of customized tools that make the operating system security friendly.

4. Nodezero

Nodezero

Ethical hackers widely use Nodezero, and it’s an operating system based on Ubuntu. Since it uses the same Ubuntu Repository, Nodezero receives updates whenever Ubuntu gets it. To support your penetration testing and help you with security research, Nodezero provides you over 300+ different tools. You will find tools for every other security purpose on NodeZero.

5. Parrot-sec forensic os

Parrot-sec forensic os

Well, it is an operating system based on Debian GNU/Linux mixed with Frozen box OS and Kali Linux to provide the best penetration and security testing experience for attackers and security testers. It is an operating system for IT security and penetration testing developed by the Frozen box Dev Team. 

8. GnackTrack

GnackTrack

After the release of backtrack 5, this OS is being developed and is now one of the best OS used for pen testing and network cracking, and it is based on a Linux distribution. Other than that, the operating system offers plenty of default apps like Opera, Firefox, Chromium, etc. GnackTrack is heavily inspired by BackTrack, and it brings similar tools for ethical hacking & penetration testing.

9. Bugtraq

Bugtraq

Well, Bugtraq is a distribution based on GNU/Linux aimed at digital forensics, penetration testing, Malware Laboratories, and GSM Forensics and is one of the best choices of attackers. The operating system offers a wide range of tools like forensic tools, malware testing tools, audit tools, network tools, etc.

10. DEFT Linux

DEFT Linux

Digital Evidence and Forensic Toolkit (DEFT) is an open-source distro of Linux built around the Digital Advanced Response Toolkit (DART) software. Deft is Ubuntu customization. Computer forensics and incident response tools that DEFT Linux includes can be used by IT auditors, investigators, military, and police.

Categories
Hacking

10 Best Linux Distributions For Hacking & Pen Testing in 2021

If you have an interest in security, or if you are already working as a security professional, you first need to search for a Linux distro that suits your purpose. Hacking and Penetration testings were mainly done on Linux distributions.

As of now, there are hundreds of Linux distros available on the internet. Some of them were designed for security and penetration testing. In this article, we have decided to share a list of various Linux distributions that focus on security.

These Linux distributions offer many useful tools for penetration testing, wireless security, forensic, etc. So, let’s explore the list of best Linux distributions for hacking & Pen testing.

1. BackTrack 5r3

BackTrack 5r3

It is one of the best-known Linux pentesting distros available out there. BackTrack is usually based on the ever-popular Ubuntu. It is only available within a KDE environment, but to the added version, Gnome was added with BackTrack v5. The Linux distro can be booted via a live CD or flash drive. The distribution helps wireless cracking, exploiting, web application assessment, learning.

2. BackBox Linux

BackBox Linux

Well, if you want to use a Linux distro that’s developed for security and penetration testing, then BackBox might be the best pick for you. Guess what? BackBox is one of the leading names in the Linux world, and it got its own software repository. The software repository of BackBox provides various tools for system and network analysis. The operating system is fast, stable, and pretty effective. Also, BackBox is known for its very active community.

3. Blackbuntu

Blackbuntu

If you are already into the penetration and security testing game, and if you look for ways to scale up your research, then Blackbuntu might be the best Linux distro for you. Guess what? Blackbuntu is designed to keep hacking and security testing in mind. It’s a penetration testing distribution with GNOME desktop environment, which brings a wide range of tools for penetration testers.

The tools offered by Blackbuntu helps in information gathering, network mapping, vulnerability assessment, wireless analysis, reverse engineering, digital forensic, and more.

4. Samurai Web Testing Framework

Samurai Web Testing Framework

Unlike all other Linux distribution, Samurai Web Testing Framework is a developer with the sole purpose of penetration testing. Samurai Web Testing Framework comes as a virtual machine, and it’s not a complete operating system on its own. Being a penetration testing friendly Linux distro, Samurai Web Testing Framework offers a wide range of hacking tools for detecting web vulnerability.

5. Kali Linux

Kali Linux

Well, Kali Linux is a famous name in the ethical hacking world. The Linux distribution is quite widespread, and it’s based on Debian. The good and most crucial thing about Kali Linux is that it brings a wide range of security and penetration testing tools. You will find tools from various security and forensic fields on Kali Linux. Since it’s the most advanced penetration testing Linux distro, it also supports a wide range of devices and hardware.

6. Bugtraq

Bugtraq

This distro offers you a wide range of penetration and forensic tools. Bugtraq is harder to install but runs as a live DVD or a USB Drive. Compared to other Linux distro, Bugtraq provides a wide range of tools in different categories. You would find mobile forensic tools, malware testing tools, audit tools for GSM, wireless tools, etc.

7. Parrot Security OS

Parrot Security OS

Well, Parrot Security Os by Frozenbox’s team is one of the best Linux distribution which you can use for pen testing, computer forensics, and ethical hacking. Compared to all the others listed in the article, Parrot Security OS is very lightweight, and it’s highly efficient. With Parrot Security OS, you will get many recognized tools that help to work and surf anonymously.

8. DEFT Linux

DEFT Linux

Digital Evidence and Forensic Toolkit is the best open-source Linux distro that you can use today. The distro is based on Ubuntu, and it comes with lots of tools that are very useful for pen-testing. Well, Ethical hackers highly use the distribution because it brings a wide range of tools.

9. ArchStrike

ArchStrike

Well, ArchStrike is based on Arch Linux. It’s a Linux distribution that adds an extra security layer over the Arch Linux. ArchStrike shares the same repository of Arch Linux, and it’s mainly used by security professionals. The good thing about this Linux distribution is that it packs a wide range of penetration testing and cybersecurity tools. The Linux distribution also looks good, and it’s pretty lightweight.

10. Fedora Security Spin

Fedora Security Spin

Well, Fedora Security Spin is another best Penetration testing Linux distribution you can use. The distribution is specially designed for security auditing and testing. Fedora Security Spin is well-suited for beginners who want to learn security methodologies on information security.

Categories
Hacking

Hackers Took Advantage Of 11 Zero Days In The Past Year

A particularly threatening group of hackers took advantage of 11 zero-days in the past year, i.e., security gaps that were not known at the time and therefore not patched. The operating systems Windows, Android, and iOS were affected.

The attacks were discovered by Google’s Project Zero and Threat Analysis Group, which had already published information about the individual security vulnerabilities.

In a blog entry, security researcher Maddie Stone, who works at Project Zero, now goes into the background of the security holes that have already been patched.

Accordingly, Google discovered the first four, already actively used zero-days in February 2020. In October 2020, Google again noticed attacks by the same group, which this time used a total of seven zero days. Several zero-days were combined in order to take over a device via the browser to the operating system. This so-called chaining of security holes is not uncommon.

Such a chain was aimed at a fully patched Windows 10 with an up-to-date Chrome browser. Two sub-chains were aimed at fully patched Android 10 devices using the Samsung browser or Chrome.

In addition, the hacker group had Remote Code Execution Exploits (RCE) for iOS 11 to 13, as well as a vulnerability for rights expansion under iOS 13 in their repertoire. The weaknesses were only fixed with iOS 14.1.

However, Stone notes that only iOS, Android, and Windows were tested when the exploit servers were still online. Accordingly, there could have been other chains of exploits.

The exploits were therefore placed on websites in the vicinity of the victims using so-called watering hole attacks. The victims were recognized by the IP address and the user agent. If this fingerprinting was positive, an iframe was injected into the website that pointed to the exploit server. This ultimately took over the victims’ devices.

The vulnerabilities cover a fairly wide range of problems – from a modern JIT vulnerability to multiple font errors,” writes Stone. Each exploit has shown expertise in exploit development and the exploited chess point itself.

In the case of Freetype Zero Day in Chrome, the exploit method for Google’s Project Zero was new. In addition, the obfuscation methods were varied and time-consuming to analyze, explains Stone.

First four Zero Days (February 2020):

  • CVE-2020-6418 – Chrome Vulnerability in Turbofan
  • CVE-2020-0938 – Font Vulnerability in Windows
  • CVE-2020-1020 – Font Vulnerability in Windows
  • CVE-2020-1027 – Windows CSRSS vulnerability

Another seven zero days (October 2020):

  • CVE-2020-15999 – Heap buffer overflow in Chrome Freetype
  • CVE-2020-17087 – Windows heap buffer overflow in CNG.sys
  • CVE-2020-16009 – Chrome-Type-Confusion in Turbofan- Map-Deprecation
  • CVE-2020-16010 – Heap buffer overflow in Chrome for Android
  • CVE-2020-27930 – Safari: Any reading/writing of the stack via type 1 fonts
  • CVE-2020-27950 – iOS XNU kernel memory disclosure in Mach -Message-Trailers
  • CVE-2020-27932 – iOS-Kernel-Type-Confusion with Turnstiles
Categories
News Hacking

OTP is No More Safe: Here’s How Hackers May Steal your Data via SMS Attack

Day to day new changes is taking place in technology, instead of getting more privacy concerns, every now and then hackers are attacking the users. A new attack has come up where hackers redirect the SMS bound for the user’s phone number to their systems.

As per the reports by Joseph Cox of Vice, the text messages are redirected by the hacker to get the OTP of the user’s device and other information in the SMS attack. He also told that the hacker can get the access to Whatsapp account also.

These attacks are possible because of the carelessness of the telecom industry. By using the SMS attack, the hackers can redirect the important text messages that contain OTP or login links.

Joseph Cox, a Motherboard reporter was personally attacked and he was not even knowing about the attack on his mobile number.

In a report, he said,

“Looking down at my phone, there was no sign it had been hacked. I still had reception; the phone said I was still connected to the T-Mobile network. Nothing was unusual there. But the hacker had swiftly, stealthily, and largely effortlessly redirected my text messages to themselves. And all for just $16, .

However, the strange thing about the attack is, the hacker can get access by paying just $16 (Rs. 1,160). The company that provided these services in the case of Cox has said that the attack has been fixed but for a few others it has not been solved. Moreover, some of the companies know the attack then also they are blaming CTIA, the trade organization.

This SMS redirecting attack is another hacking activity added to the list of hacking. Already there are attacks on SIM Swapping and SS7 that is affecting many users. However, the interesting thing about these attacks is the user gets to know about the hack within few moments as the phone does not have any network. But, in this SMS attack case, the victim does not get to know anything.

So, to avoid this, it is better to not depend on SMS services. You must use authenticator apps and for bank-related OTPs, you must register your email account with your account to receive the OTPs.

Categories
News Hacking

SMS Messages Can Be Rerouted to Hackers for Just $16.

I’ve been getting obviously fake text messages from “Amazon” for the past week. Whether a hack, spam, scam, whatever, I know they aren’t real, but I have wondered where they came from. This news makes me wonder even more: SMS messages can be redirected to hackers for just $16.

Hackers Buy SMS Access

Do you get errant text messages and have no idea where they come from? Companies that you trust may have sold hackers access to your messages, which could include private data.

A Motherboard reporter, Joseph Cox, performed a test on this theory, and the hacker who obtained access to his SMS only paid $16. So perhaps someone paid a few dollars for your SMS as well.

Sms Messages Redirected Man

There are companies that manage text messages that appear to be behind this, or at the very least, they are enablers in this scenario. These services silently redirect text messages. Sometimes they are redirecting them right into the hands of attackers.

These companies often don’t even send messages to the account owners to let them know their SMS messages are being redirected to someone they don’t know and haven’t given access to. The attackers gain the ability to not only intercept your messages but reply to them as well. What would they possibly say?

Cox was able to get someone to carry out an attack on his phone number, the one that only cost the attacker $16. He was also able to get SMS redirection services to admit they’d seen these types of attacks before.

Sms Messages Redirected Texting

This is an exploit on the part of the SMS redirection services. They apparently believe they are selling the access to other legitimate companies. The company that sold Cox’s number has now fixed the exploit.

AT&T and Verizon were asked by The Verge if it was possible for messages to be redirected to hackers. Both companies suggested they contact the wireless industry trade organization, CTIA. CTIA told Motherboard it had “no indication of any malicious activity involving the potential threat or that any customers were impacted.”

These were already other known methods of text messaging interference. The industry has been aware of SMS swapping and SST attacks for a couple of years. Victims of SMS swapping know, however, of the attacks. It won’t be as obvious when your text messages are redirected.

Further Implications

It could get even worse than just access to your SMS messages – it could extend to your other accounts. Think of all the password reset codes that are sent to you via text. With access to your account, an attacker now has access to those reset accounts as well. Login links are sent through text as well. That’s even more accounts that have now been opened to the hackers.

Sms Messages Redirected Woman

For all these reasons, avoid sending anything security-related through your SMS messages. This includes two-factor authentication. Sometimes you may not have a choice. Just make sure you have an ironclad password.

Categories
News Hacking

Verkada Security Firm Cameras Hacked, Includes Tesla

While security hacks are always disconcerting, the recent Verkada security firm camera hack did have a benefit – at least for one of the hackers. He revealed the reason the cameras were hacked was it was “too much fun not to do it.” Tesla was among the firm’s customers that were exposed, along with governmental locations, such as a prison and a hospital.

Security Cameras Hacked

The hackers claimed they were able to access the live security camera feeds of the Verkada security firm. The company’s customers can view the 150,000 camera feeds remotely and use facial recognition to access the feeds.

A username and password for an administrative account were found on a publicly-available webpage. This provided the hackers access to the internal networks of some of the firm’s customers. Tesla and an Alabama jail were two of the customer feeds that were accessed.

Verkada Security Firm Camera

Swiss software developer Tillie Kottmann is known for exposing security flaws. He said the intention behind the Verkada security firm hack was to show how easy the cameras could be accessed and how ubiquitous they had become as well.

Tesla and Others’ Feeds Exposed

The hackers released screenshots of their bounty to the news media and social media. Kottmann gave screenshots of an Alabama jail to Reuters and also posted some to Twitter. Among the other images were a warehouse that he said belonged to Tesla.

There were also images from the Equinox gym and even from inside the home of a Verkada employee. This had been archived footage of the employee as “he completes an atlas puzzle with his kids.”

An Arizona prison kept archived footage as well. It had titles such as “Roundhouse Kick Oopsie” and “Autumn Bumps His Own Head.” There was also a feed from a Massachusetts prison that showed police officers interrogating a handcuffed man. A hospital feed depicted what appeared to be staff tackling a man on a bed.

Verkada Security Firm Ceiling Camera
.

Bloomberg had been first to report the hack. After it did so, the hackers lost access to the feed.

“Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement,” reported the Verkada security firm.

Kottmann’s need to get attention provided insight into the hackers’ motives. They were led to carry out this attack by “lots of curiosity, fighting for freedom of information and against intellectual property, a huge dose of anti-capitalism, a hint of anarchism – and it’s also just too much fun not to do it.”

And remember: this was all because login details were left out in the open, for the taking, on a webpage. Most interestingly, this happened to a security company.

Categories
News Hacking

Hackers Access Thousands Of Security Cameras From Hospitals, Schools, And A Tesla Plant

The security startup Verkada has suffered a cyberattack, giving hackers access to more than 150,000 security cameras located in hospitals, schools, prisons, Cloudflare offices, and even a Tesla plant.

According to Bloomberg, which collects the testimonies of one of the members of the group of hackers that attacked the Verkada system, the idea behind this attack was to show how easy the security cameras of this company can be to hack.

And it is that Tillie Kottman, the member in question, explains that the intention was not to attack the cameras as such to harm the company but, again, to shed light on the relevance of the security problems that the devices of this firm have. A representative of the company has already assured that they are taking action on the matter.

In fact, they have prevented any type of illicit access “by disabling internal administration accounts.” Verkada’s security team is already “investigating the scale and scope of this problem.”

But how did hackers get into the camera system? Hackers gained administrator-level access to the Verkada system using login credentials of a Super Administrator account they found publicly on the internet. Once inside, they had the entire Verkada system at their disposal to later access the camera networks.

Cameras, by the way, located in Tesla factories and even in hospitals and technological and health institutions. As if that were not enough, in addition to the images of the security cameras, the group assures that they were able to access the complete list of the startup’s clients, including the financial information of the agreements of these companies.

Categories
Hacking

How hackers are finding creative ways to steal gift cards using artificial intelligence.

The black hat hacker’s premise is a story as old as time: find things, break things, make money. Over the years, there have been many creative attacks that have pioneered the industry and made groundbreaking changes in our digital infrastructure. While some may argue that attacks have become monolithic over the years, I would say that this isn’t necessarily true. Some people fail to realize that the best and most creative attacks are the ones we don’t see. This summer, I set off on an adventure of sorts to see what black-hat hackers were doing to circumvent systems. I started on a couple of internet forums, including nulled and cracked and was surprised to find many services that had thousands of page views. These forums often had 15k people on at one time browsing the marketplace and lively sharing sections. However, the one that caught my eye was an online store selling Starbucks gift cards. I was genuinely curious how someone could obtain stolen gift cards for different stores. It was fascinating because the seller was selling these gift cards without a PIN attached. Thus came an exciting experience.

I started by posing (not really) as a developer and sent a message to the seller asking how I could check these gift cards for balance if I were to buy. I was met by a prompt dm telling me I could check them using the store’s gift card phone line. My initial reaction was confusion; why would I use a phone line? Was he somehow exploiting their phone line? Did he have access? I decided to put down the thought of figuring out how it worked for a couple of days and spent the next week without thinking about it. However, one day, while searching for an SMS provider, it finally clicked. He was somehow obtaining a vast list of cards and checking their balance on the phone line using a phone provider. I immediately got back onto the forum and quickly searched for a gift card bot. The site then returned a thread for a newly created program called easycards.io. While reading the thread, I found what I was looking for:

Image for post
The “Phone bot”

It all clicked when I read the information; the bot called using a phone provider (in this case, Twilio) and then got back the balance using a speech to text service (Assembly). With this in mind, I decided to grab an old forgotten Starbucks gift card that I had received for a birthday present and check the balance via the phone line for myself. I typed in the gift card via the phone DTMF system and was then prompted for something I never expected, a captcha. At that moment, I realized that this was actually much more complex than I had originally thought.

The bots must find a way to call the gift card line, input the card, get the captcha, send the captcha, record the balance, transcribe the balance, and send it back to the user, all with great accuracy. I was truly baffled at the sophistication and granularity of this task, and I decided to experiment for myself. I re-called the gift card hotline and decided to see how long it would wait for me to input this captcha. Once again, I went through the motions of inputting the extensions and the card until I was prompted with the captcha, and a short 7 seconds later, I was greeted again with “Sorry, that’s incorrect.” These programs had a measly 7 seconds to get this captcha, record it, transcribe it, and send it. It was truly baffling to me that these sellers were somehow able to obtain 1500 gift cards with balances over $5 using this methodology. In shock with the complexity, I did what any good programmer does, make one myself.

The first day or two, I did some digging through Twilio’s documentation on how these calls were made programmatically. Twilio has helper/wrapper function libraries in just about every language imaginable, so this was a fairly easy task. The bot would first start off by making a call and sending the extension and card number by posting to the create call route. This methodology requires something called Twiml (just a corporate name for XML) to do call actions. The Twiml would look something like this:

<Response>
<Pause length="70"/>
</Response>

And the python code would look something like this:

# Download the helper library from https://www.twilio.com/docs/python/install
import os
from twilio.rest import Client


# Your Account Sid and Auth Token from twilio.com/console
# and set the environment variables. See http://twil.io/secure
account_sid = os.environ['TWILIO_ACCOUNT_SID']
auth_token = os.environ['TWILIO_AUTH_TOKEN']
client = Client(account_sid, auth_token)

call = client.calls.create(
url='http://demo.twilio.com/docs/voice.xml',
to=gift_card_hotline_phone_number,
from_=bought_phone_number
send_digits=extension + card_number
)

print(call.sid)

Within the send digits parameter, you can wait seconds and half seconds, which is nearly perfect for this use case because often times you have to wait before putting in the extension digits. For example, if you wanted to wait 3 seconds, dial the extension number 1, and then wait another 3 seconds, you would put the following:

"WWW1WWW"

Once this call is placed, one can wait the amount of time it takes for the captcha (I am not going to put the times for Starbucks to prevent malicious use) to appear to start recording the call. Recording the call returns an endpoint where you can reach this recording. This recording function is called with the call sid (The call’s unique identifier), which is returned from the create call function. The code would look something like this:

recording = client.calls(sid)
.recordings
.create()

After about 5 seconds, one would need to stop this call from recording (using the same Twilio API) and then pass the URL to a transcription service such as Assembly.

import requests

endpoint = "https://api.assemblyai.com/v2/transcript"

json = {
"audio_url": recording url from twilio
}

headers = {
"authorization": "YOUR-API-TOKEN",
"content-type": "application/json"
}

response = requests.post(endpoint, json=json, headers=headers)

print(response.json())

Finally, you can use regex to parse through the transcription, and send the digits back via the Twilio API. Here’s some pseudocode:

x = [3-9]\d\dsend_digits(x)

As soon as you send these digits, you want to start recording again, and then at a certain point (once the Pause element on your Twiml is over), transcribe what was returned back and give it to the client. Before it is sent back to the client, you probably want to sanitize the input down to simple VALID or INVALID return values to make things easier on the eyes. You also probably want to save your newly stolen loot in a text file. Once all is said and done, you have spent a grand total of $0.015 on this one check. A minuscule amount compared to what you could make stealing people’s gift cards from the perspective of the black hat. I think this project taught me more than anything that our systems are always under attack by bad actors. This method of attack proves more than anything that attacks are becoming more and more complex, despite some people’s arguments that many attacks are now very similar. I think a lot about the security world can be learned by just taking a look under the hood, deep on the inside. And I hope this article encourages some of you to find your own “phone bot” type of attack. The security of the future relies on the willingness of security researchers to spend more time on the inside than time with each other.