Public switched telephone networks (PSTN) – Security issues [CISMP] Course

Public switched telephone networks (PSTN)

The 1800s were an amazing century for inventions. The first battery, stethoscope, as well as the Mackintosh raincoat, were all invented in the 19th century.

Still, it’s amazing to think that Public Switched Telephone Networks (PSTN), which originated in 1876 are still in use almost 150 years later.

Public Switched Telephone Networks are telecom technologies that enable digital circuit switching. Originally and principally, it was used for audio use with the telephone. Historically, PSTN could only transmit data using modems which were installed at either end of a telephone line.

The most common type of modem was used for dial-up connections and worked by placing a call to the remote modem. The data was transferred as audio tones when the remote modem answered, switching it from digital to analogue.

Engineering control systems, known as SCADA systems, and building management systems (ventilation, security, etc) might still use this technology today. So, in terms of the risks to these older environments, some of the attack methods used by decades ago by hackers are still relevant.

‘War dialling’ is an old trick made famous in the 1983 film ‘War Games’. It’s a technique where a ‘war dialler’ modem rings a series of numbers, hoping to find an unprotected modem, which can then be exploited. A typical approach is to find one telephone number owned by a target and then to war dial the entire prefix which that number belongs to.

For example, if your target is the Russian embassy in London, you would dial every number starting with 020 7229. The modem can tell after 2 rings whether the number is a modem or a telephone, so the war dialler can ring a lot of numbers very quickly. This allows the hacker to quickly identify possible vulnerable modem numbers, which they can then target.

Telephone switchboard operators wearing headsets working at computers.

PSTN often has to deal with data from quite a few different sources. As you can see in the diagram these can include: the Dial-in modem; Private Automatic Branch Exchange (PABX); Supervisory control and data acquisition (SCADA); and closed-circuit television (CCTV). Because PSTN interfaces with so many diverse technologies it’s difficult to know if sensitive traffic is being intercepted. This is obviously a problem for Information Assurance.

However, there are two possible control measures to consider, depending on how the PSTN is being used in the organisation:

  • Dial-back security if modems are still being used. Instead of answering to any caller, the modem is programmed to hang up when it receives a call, then it calls back on a pre-programmed number. This can be used in conjunction with usernames and passwords.
  • Various forms of encryption to mitigate the risk of interception, such as virtual private networks.

Though it is an old technology PSTN still has many strong features. It’s reliable and compared to other newer technologies, such as VoIP, it’s very secure. At some point, a VoIP and wireless solutions will become reliable and secure enough to completely replace PSTN. However, PSTN will still be used, at least as a back-up, until an all-IP network is established – one that is secure and stable enough to be used for all voice communications.

Simple diagram showing technologies that interface with PSTN: Dial in, PABX, SCADA, CCTV.

Figure 1:Technologies which interface with PSTN

What’s next?

Next you will be exploring supervisory control and data acquisition (SCADA) and Voice Over IP (VoIP) which relate quite closely to PSTN in many ways.