Phones, PBXs, Fax machines, Voice mailboxes and even photocopiers are all open to abuse. The most common security hole is the use of insecure maintenance modes/interfaces.
- PBX attacks often result in attackers making long distance telephone calls, perhaps completely unnoticed until bills suddenly increase. Often maintenance modes are badly protected or special features are enabled for outside access when they shouldn't be.
- Where possible, maintenance interfaces should NOT be accessible externally.
- Maintenance password should never be left at their default.
- All device with external interfaces should be configured such that they are not easy to abuse.