AstriCon 2017

Multi-Factor Authentication (MFA) is a common way to reduce account takeover on websites (and apparently on Asterisk machines as well). While almost everyone knows how to use Asterisk to make automated phone calls that announce the user it’s 4-6 digits code, Not everyone knows how to use Asterisk to bypass just that. This talk will present two relationships between Asterisk and MFA: Using MFA to protect your Asterisk AND using Asterisk to bypass E-commerce MFA while focusing on following subjects: 1. How to use MFA solution to protect your Asterisk system from unauthorized phone calls, including implementation for the following scenarios: * Requiring MFA upon agent login/DISA. * Requiring MFA when originating suspicious phone calls. * `MFA everywhere` when needed. 2. How to use Selenium (browser automation tool) and Asterisk to automatically bypass MFA on websites: * Why does websites use MFA? * Short introduction to Selenium. * How to automate the reception of a verification code through phone call using Asterisk and a cloud native language analysis service. * How to protect YOUR website’s MFA from such tricks. This session features multiple code samples and live demos.