Speech Technology - October 2008 - (Page 9)

> > N E W S > > T R E N D S > > A N A LY S I S > > N E W S > > T R E N D S > > A N A LY S I S > > N E W S > > T R E N D S > > A N A LY S I S THE ON ENE: SC Former Hacker Tackles IVR and Biometrics transferred immediately to the man-inthe-middle Web site. “It doesn’t matter what it is—credit cards, banking, your voicemail, anything,” said Mitnick, author of the books The Art of Deception and The Art of Intrusion. “This is where the attacker does a phishing attack to put himself in the middle, and you can’t detect it because when you do your transactions, it works.… And in the more sophisticated attacks, the bad guys get into the telephone switch and divert a percentage of the traffic…and put themselves in the middle, and it’s impossible to detect.” Mitnick also pointed out the weaknesses of voice biometric security solutions. He relayed an instance when he was hired by a company to see if he could crack its voice biometric security system. “And how does this voice biometric work? You call the system. It would have you read off a certain number of digits to register, and then thereafter you would simply call up and say a certain number of digits, and it would verify you as legitimate or not legitimate.” Mitnick said many companies use this model. “The problem…is you’re using just numbers; you’re not using phrases or words, and so when you’re talking about digits, you only have one through zero.” Mitnick simply used caller ID spoofing, in which one masks a phone number on caller ID by adopting a false phone number. He then called an employee of the company, tricked the employee into repeating the fraudulent phone number, which contained the digits zero through nine, recorded the call, and broke each digit into a separate .WAV file. Mitnick then called back and used the recordings to defeat the system. “So that was an easy way to defeat it,” he said. “But I understand that the company fixed that problem.” —Adam Boretz NEW YORK — The newest trend in phishing targets is interactive voice response (IVR) systems through man-in-the-middle telephone attacks, warned Kevin Mitnick in his SpeechTEK 2008 keynote address on August 20. “Instead of having me fill out a form or clicking on a link to go to a Web site, [attackers] simply give me the phone number of the customer service department, and the customer service department is really an IVR system,” said Mitnick, the world’s most famous hacker-turned-professional-securityconsultant. “You are receiving a telephone number you think is the bank. When you call it, it actually accesses the bank. But you don’t know the attacker has put himself into the middle of the transaction.” Mitnick—who prior to his keynote set up a Web site capable of performing man-in-the-middle attacks—then demonstrated this security threat. Accessing his Web site, Mitnick called Washington Mutual Bank. When the call was diverted to the bank’s IVR system, he entered an account number and four digits of a Social Security number, all of which were stolen and ‘Press 1’ for Caller Thoughts NEW YORK — As SpeechTEK 2008’s opening day unfolded at the Marriott Marquis on August 18, a panel discussion digging into the state of the speech technology industry started off with one simple question: What do end users—the customers calling into contact centers—think about interactive voice response (IVR) systems, speech technology, and touchtone automation? Simple: They don’t. “Users don’t really think about IVR [and] the interface,” independent marketing consultant Monique Bozeman of Bozeman Consulting, said to a standing-room-only crowd. If that comes as a surprise to the industry, she said, then the shock is merely indicative of the self-absorption rampant among vendors in today’s www.speechtechmag.com speech technology marketplace. She argued that while vendors are focused on the latest technology in the space, at the end of the day users are more concerned with the service they receive. However, she said, this space is not alone in its introspective view. “This is like any other technology industry you find today,” she added. Vendors focused solely on technology itself can lead to distortions in their market research. There may be inaccuracies in what they believe callers really think about the speech THE ON ENE: SC technology deployed at a contact center, according to two additional panel members, Tim Pearce, global solutions manager of self-service at Dimension Data, and Mike Bergelson, director of product management for customer contact at Cisco Systems. The two men disclosed the results of Dimension Data’s second annual Speech Alignment Index, which determines whether vendors and end users are on the same page regarding speech recognition applications. This year, 1,800 consumers and 240 speech technology vendors participated in the global survey. According to Dimension Data’s research, overall alignment is at 74 percent between vendors and consumers. This marks an increase of 3 percentage points over last year. While the boost is OCTOBER 2008 Speech Technology | 9 http://www.speechtechmag.com

Table of Contents Feed for the Digital Edition of Speech Technology - October 2008

Speech Technology - October 2008 Contents Editor’s Letter Industry View Inside Outsourcing Interact Keynoter Highlights the Shrinking Technological World Former Hacker Tackles IVR and Biometrics ‘Press 1’ for Caller Thoughts Soundbytes Voice Vote A New Dragon Emerges Overheard/Underheard An Emotional Mess Emotional Intelligence The Case for Call Recording Unified in Care and Communications An Education in E-Learning Guest Column Standards Speech Solutions Voice Value Forward Thinking

Speech Technology - October 2008

For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.