Clever Caller ID Tricks With VoIP
An anonymous reader writes "securityfocus.com has an interesting article collecting some clever exploits for VoIP. According to the article, using 'the open-source Linux-based PBX software Asterisk, used in combination with a permissive VoIP provider' can be used to fool caller id, and even get caller numbers that are supposed to be private."
Return of the phreak? :P
Is this a surprise? From the article, it says that the calling party number is always sent, and there's just a flag set saying "don't look here." If you tell someone they can't or shouldn't do something... that's the best way to insure that they will.
Who's really that stupid? Big business.
Call-centers are using the CPN data as an authentication method to recognize customers. Call from somebody else's phone, or in this case appear to be doing so, and instantly that person's account will open on the operator's screen.
Banks and credit card companies seem to be smart enough to know that they have to ask some other challenge question to make themselves confident enough that they have the right person before discussing anything sensitve... but it just take one merchant willing to charge to an account and ship merchandise based on the the phone data alone and suddenly there's a way to get a charge onto somebody's credit account without even knowing their card number.
It's a matter of "trust", and a formerly trustworthy system no not so much.