Slashdot Mirror


Clever Caller ID Tricks With VoIP

An anonymous reader writes "securityfocus.com has an interesting article collecting some clever exploits for VoIP. According to the article, using 'the open-source Linux-based PBX software Asterisk, used in combination with a permissive VoIP provider' can be used to fool caller id, and even get caller numbers that are supposed to be private."

9 of 259 comments (clear)

  1. old news for me :) by Anonymous Coward · · Score: 5, Interesting

    Back in 2001 or so I found this out when talking to my local ISP/VoIP provider IPOnly. Then me and some of my friends thought about setting up some kind of SMS-style service that was free, since it apparently works sending ascii as caller ID :)

    1. Re:old news for me :) by itwerx · · Score: 4, Interesting

      Back in 2001 or so...
      A heck of a lot longer than that, as this "issue" isn't limited to VOIP. Ask anybody who installs/maintains standard PBX systems.
      The privilege of setting your own outbound CID is simply another (business class) service and reading blocked inbound is actually your right if you have a toll-free number (because you're paying for the call).
      (Dunno why cell-phones don't have the same right though, c'est la vie :).

  2. from overseas by millahtime · · Score: 4, Interesting

    Does this mean that I could get a call on a private line with with my number on the do not call list from overseas? Kind of like spam for my phone.

  3. Useful part by dacarr · · Score: 4, Interesting

    You know those idiots (read: bill collectors) who call with "OUT OF AREA" tags on their Caller ID data? Yeah. I wonder if you can reset those to figure out who those are. The possibilities are good here. =^_^=

    --
    This sig no verb.
  4. Not New by suwain_2 · · Score: 4, Interesting

    The fact that this is happening is interesting, but this sort of thing's always been possible.

    First off, any sort of digital phone line lets you set your own caller ID info, it's just that most home users can't afford bringing a T1 into their home just to mess with caller ID.

    Secondly, there've always been ways around caller ID anyway. A common one is called 'op diverting,' where you route your call through an operator, who will, in many cases, manually key in your Caller ID info with no authentication at all.

    There are real privacy concerns here, but my point is, for those alarmed by them... Be even more alarmed. This is entirely doable without VoIP.

    I don't know about getting blocked caller ID, though 800 numbers (and, IIRC, almost all high-volume digital lines?) have full access to caller ID, even if you block it.

    The point of the article, IMHO, is that VoIP providers are carelessly sending this data, not the exploits that can be done -- they already exist. And you can almost argue that VoIP providers aren't entirely wrong here -- if you got a PRI line to your home, you could do this type of stuff anyway.

    --
    ________________________________________________
    suwain_2 :: quality slashdot p
  5. The security "industry" is engageing in FUD by bferrell · · Score: 4, Interesting

    This isn't a hack. The telco interconnect company (in this case nuphone) sends the info to Ma Bell. The fact that they don't validate it is NOT a hack. It may be a risk, but feeding incorrect info to mother is not a hack or a manipulation. In general the telco themselves require information be provided... It's a little sad that some interconnect companies don't treat it more seriously. I know my company does.

  6. ISDN by jcrowly · · Score: 4, Interesting

    Having tried to set my MSN (the outbound number) to an invalid number here in the UK (on a primary rate with 100 phone number mapped to it), the invaild caller ID simply got reset by the telco to the billing number of the line.

    I guess in the states the Telcos must trust the equipment that connects up to the line to set the MSN connectly, hence being able to fake the Caller ID.

    As for the privicy bit for callerid, in the UK (as far as I am aware, but I'll test this) only telecos are passed the CallerId+Flag (by telecos I means those with an Interconnect with other telecos and an NX2 license, but the licenses are being phased out), It's then the telecos job to strip out the CallerID and Flag before passing on the data to the customers line.

  7. Re:Details? by cmburns69 · · Score: 4, Interesting

    The theory behind it is that since the owner of the 800 number is paying for the call, he has the right to know who is calling.

    --
    Online Starcraft RPG? At
    Dietary fiber is like asynchronous IO-- Non-blocking!
  8. Re:Reading unlisted numbers by jjhall · · Score: 4, Interesting

    Nope, it isn't possible anywhere, US or otherwise. The reason is, that your CID box is showing exactly what is sent to it. The correct information is blocked at the switch level, before your line even rings.

    Now if you want to get as many numbers as is possible, like this article is stating, get yourself a toll-free number and use it instead of your local number. Anyone calling it (that has CID information available) will have it show up, regardless as to whether or not they try to block it.

    That article was very misleading, making it seem as though this is a flaw that the information was displayed when it was blocked. In reality, it is just how the network operates. Nufone provides a toll-free number, since the person being called is the one paying, they have a right to know the number. This is how it has always worked.

    Jeremy