Slashdot Mirror


Clever Caller ID Tricks With VoIP

An anonymous reader writes "securityfocus.com has an interesting article collecting some clever exploits for VoIP. According to the article, using 'the open-source Linux-based PBX software Asterisk, used in combination with a permissive VoIP provider' can be used to fool caller id, and even get caller numbers that are supposed to be private."

3 of 259 comments (clear)

  1. Freaks! by krumms · · Score: 5, Insightful

    Return of the phreak? :P

  2. Is this a surprise? by insensitive_clod · · Score: 5, Insightful

    Is this a surprise? From the article, it says that the calling party number is always sent, and there's just a flag set saying "don't look here." If you tell someone they can't or shouldn't do something... that's the best way to insure that they will.

  3. Re:Gone Phishing by LostCluster · · Score: 5, Insightful

    Who's really that stupid? Big business.

    Call-centers are using the CPN data as an authentication method to recognize customers. Call from somebody else's phone, or in this case appear to be doing so, and instantly that person's account will open on the operator's screen.

    Banks and credit card companies seem to be smart enough to know that they have to ask some other challenge question to make themselves confident enough that they have the right person before discussing anything sensitve... but it just take one merchant willing to charge to an account and ship merchandise based on the the phone data alone and suddenly there's a way to get a charge onto somebody's credit account without even knowing their card number.

    It's a matter of "trust", and a formerly trustworthy system no not so much.