“Can you add a conference line, please?” - Using Cloud Services for Dial-In Reconnaissance Automation

With remote offices becoming a new normal, having a conference line is now essential for every company to allow for effective communication between the sites. Conference calls are equally used both for small daily stand-ups, as well as for Enterprise-wide all-hands meetings, with a number of participants ranging from two to infinity. That said, the sensitivity of the matters that are discussed in such calls also varies, but it is unlikely that security measures taken to protect any specific call are always sufficient. In fact, the larger the audience, the fewer controls there are in place to filter those that call-in, yet this does not always mean that the meeting will have no confidential, or at least classified information exposed.

Given the popularity of conference calls, this is believed to be a new reconnaissance attack vector. In fact, there have been a few articles published about insecurity of some conferencing services, that cover various vulnerabilities allowing an attacker to guess an access code or join a conference without one.

 In this talk, however, we would like to discuss getting such attacks couple steps further. We will start the talk by covering key ways to find a company’s conference line provider and numbers. Next, we will talk about getting further work automated using a popular cloud services provider. We will demonstrate (live demo, yay!) how easy and cheap it is to build an interconnected system for making calls to a target’s number, entering conference id, performing audio recording of the meeting if such is taking place, and finally getting the recording transcribed - all using a free tier and a little time. We will discuss the challenges and limitations of the solution, as well as opportunities for its further development.

 Finally, we will end the talk by discussing a few lessons learnt, and the ways that may help companies build a remote meetings security etiquette.