Asterisk

2022: Asterisk 20

On October 20, 2022, it became known that after a year of development, an updated stable branch of the Asterisk 20 open communication platform was released, used to deploy PBXs, voice communication systems, VoIP gateways, organizing IVR systems (voice menu), voice mail, telephone conferences and call centers. The source code of the project is available under the GPLv2 license.

Asterisk 20

As reported, Asterisk 20 is classified as an extended support (LTS) release, updates for which will be released for five years instead of the usual two-year release. Support for the past Asterisk 18 LTS branch will last until October 2025, and Asterisk 16 branches until October 2023. In preparing LTS releases, the main focus is on ensuring stability and optimization of performance, while the priority of regular releases is to increase functionality.

Key improvements in Asterisk 20:

• A test framework has been added that allows you to check the correctness of command processing by external processes.
• The res_pjsip module supports reloading of TLS keys and certificates.
• Additional options for initiating a transfer have been added, for example, to play your own invitation or install extensions.
• AMI (Asterisk Manager Interface) has added the ability to globally disable certain events (the disabledevents directive appeared in the general configuration file section). The DeadlockStart event generated when determining a mutual lock has been implemented. Added DBPrefixGet action to extract all keys starting with the specified prefix from the database.
• The command dialplan eval function has been added to the CLI to start dialplan and the command module refresh to reboot the modules.
• The pbx helper application has been added to optimize the search and launch of other applications by name.
• Added EXPORT function for writing variables and functions for other channels. Added TRIM, LTRIM, and RTRIM string functions.
• The presence of an answering machine (AMD) detector has been added with the ability to play back in response to an arbitrary sound file.
• Bridge and BridgeWait applications have added the ability not to respond to a channel until the channels are bridged.
• An option has been added to the voice mail application (app_voicemail) to protect messages from being deleted.
• Added audio scrambling function (to protect against listening).
• Advanced positioning tools (res_geolocation).
• The application app_queue added support for playing music on hold.
• An option has been added to the res_parking module to override the music played during call hold in dialplan.
• The app_confbridge option has end_marked_any been added to the application to disconnect users from the conference after the exit of any marked user.
• The hear_own_join_sound option has been added to disable the audio indication of the call connection to an individual user.
• The Call Detail Record (CDR) is enabled by default for additional channels.
• The ReceiveText application has been added to receive text, which performs the function opposite to the SendText application.
• Added function for JSON parsing.
• The SendMF application has been added to send an arbitrary multi-frequency signal (R1 MF, Multi-Frequency) to any channel.
• ToneScan module has been added to determine the signals (tone dialing, busy signal, modem response, Special Information Tones, etc.).
• Removed applications previously declared obsolete: muted, conf2ael.
• Removed modules previously declared outdated: res_config_sqlite, chan_vpb, chan_misdn, chan_nbs, chan_phone, chan_oss, cdr_syslog, app_dahdiras, app_nbscat, app_image, app_url, app_fax, app_ices, app_mysql, cdr_mysql,^[1].

2017: Vulnerability in Asterisk allows users to listen in

In September 2017, information was published about one of the vulnerabilities of the Asterisk service. Security experts at Enable Security warn^[2]that it can be more serious than it first seemed. Vulnerability allows you to intercept calls in the popular IP telephony service ^[3].

The vulnerability, called "RTPbleed," first appeared in September 2011, the same month it was fixed, but then was discovered again in 2013.

The problem occurs during network address translation (NAT). In Asterisk, the vulnerability can be exploited when the system is configured to support IP address translation (options nat = yes and strictrtp = yes). This is the default configuration because NAT is quite common.

The peculiarity of this error is that an attacker does not need to be between the two ends of the conversation - a system with a vulnerable RTP implementation will itself send him packets with information.

To exploit the vulnerability, an attacker needs to send specially crafted RTP packets to an Asterisk server port accessible from the Internet and force the vulnerable application to send a copy of all IP traffic to the remote server.

The patch released by Asterisk limits the vulnerability window to the first few milliseconds. However, an attacker can still exploit the error if he continuously sends RTP packets.

2012: Asterisk version 1.8

The Asterisk platform is used worldwide by developers, integrators and resellers to create cost-effective and efficient computer telephone systems. Asterisk version 1.8 brings more than 200 enhanced features related to security, IPv6 integration, and additional ISDN-BRI functionality.

Asterisk 1.8 was created as a product with long-term technical support provided by Digium for 4 years. This software can be used to create any type of telephone system or voice application, popular IP PBXs, voice gateways and mail, interactive voice menus (IVRs), conferences and automatic call distributors (ACDs). It is not surprising that the target audience most often downloading the Asterisk platform is employees of medium and large companies, call centers, municipalities and governments.

Asterisk 1.8 includes the achievements of hundreds of community developers, as well as the Digium development team.

The Asterisk version 1.8 platform update includes:

• Secure RTP protocol support - new end-to-end encrypted signal VoIP further provides signal stability;
• event security structure - modular characteristic of event collection and distribution;
• broad additions to ISDN-BRI functionality - call completion services, caller identification, payment advice (AOC), message availability identification (MWI), call redirection and call rejection;
• Changes in Session Initiation Protocol (SIP) - a significant increase in registration rate, TLS protocol improvements, and a more flexible network address translation (NAT) system
• IPv6 support - integration with next-generation networks;
• calendar integration - Support for Microsoft Exchange, CalDav and iCalendar;
• Channel Event Recording (CEL) - improved characteristics for tracking and recording calls, system log for calls and their cost;
• XMPP Message Distribution - Better scalability for call waiting and device status
• improved internationalization and localization - Asterisk offers improved audio playback control (dates, numbers);
• support for Google Talk and Google Voice - support for incoming and outgoing messages for Google Talk and Google Voice;
• High Resolution Call Data Recording (CDR) - the ability to track call times up to microseconds.
• Improved support for voice codecs - support for 16 kHz linear media streams and optional HD voice codecs
• support for PacketCable NCS 1.0 - the ability to use Asterisk to create business services, which is applicable in cable companies;
• noise reduction on conference calls - the sound on conference calls is much cleaner;
• ConfBridge application enhancements - replacing the previously used DAHDI channel with internal Asterisk solutions;
• Pitch shift function - the ability to control the pitch of audio sound, including the voices of callers;
• Multicast RTP paging (RTP paging) is an efficient and scalable method for communication.
• Rapid Node Update and Testing - Implement new Agile development and Digium's new automated testing system.

2010:2 million downloads

In 2010, users downloaded the free Asterisk platform more than 2 million times. With the release of a new version, supplemented by 200 new characteristics, you can be guaranteed to expect a significant increase in its popularity.

Notes