Clever Caller ID Tricks With VoIP
An anonymous reader writes "securityfocus.com has an interesting article collecting some clever exploits for VoIP. According to the article, using 'the open-source Linux-based PBX software Asterisk, used in combination with a permissive VoIP provider' can be used to fool caller id, and even get caller numbers that are supposed to be private."
Back in 2001 or so I found this out when talking to my local ISP/VoIP provider IPOnly. Then me and some of my friends thought about setting up some kind of SMS-style service that was free, since it apparently works sending ascii as caller ID :)
Does this mean that I could get a call on a private line with with my number on the do not call list from overseas? Kind of like spam for my phone.
Evolution or ID?
You know those idiots (read: bill collectors) who call with "OUT OF AREA" tags on their Caller ID data? Yeah. I wonder if you can reset those to figure out who those are. The possibilities are good here. =^_^=
This sig no verb.
The fact that this is happening is interesting, but this sort of thing's always been possible.
First off, any sort of digital phone line lets you set your own caller ID info, it's just that most home users can't afford bringing a T1 into their home just to mess with caller ID.
Secondly, there've always been ways around caller ID anyway. A common one is called 'op diverting,' where you route your call through an operator, who will, in many cases, manually key in your Caller ID info with no authentication at all.
There are real privacy concerns here, but my point is, for those alarmed by them... Be even more alarmed. This is entirely doable without VoIP.
I don't know about getting blocked caller ID, though 800 numbers (and, IIRC, almost all high-volume digital lines?) have full access to caller ID, even if you block it.
The point of the article, IMHO, is that VoIP providers are carelessly sending this data, not the exploits that can be done -- they already exist. And you can almost argue that VoIP providers aren't entirely wrong here -- if you got a PRI line to your home, you could do this type of stuff anyway.
________________________________________________
suwain_2
This isn't a hack. The telco interconnect company (in this case nuphone) sends the info to Ma Bell. The fact that they don't validate it is NOT a hack. It may be a risk, but feeding incorrect info to mother is not a hack or a manipulation. In general the telco themselves require information be provided... It's a little sad that some interconnect companies don't treat it more seriously. I know my company does.
Having tried to set my MSN (the outbound number) to an invalid number here in the UK (on a primary rate with 100 phone number mapped to it), the invaild caller ID simply got reset by the telco to the billing number of the line.
I guess in the states the Telcos must trust the equipment that connects up to the line to set the MSN connectly, hence being able to fake the Caller ID.
As for the privicy bit for callerid, in the UK (as far as I am aware, but I'll test this) only telecos are passed the CallerId+Flag (by telecos I means those with an Interconnect with other telecos and an NX2 license, but the licenses are being phased out), It's then the telecos job to strip out the CallerID and Flag before passing on the data to the customers line.
The theory behind it is that since the owner of the 800 number is paying for the call, he has the right to know who is calling.
Online Starcraft RPG? At
Dietary fiber is like asynchronous IO-- Non-blocking!
Nope, it isn't possible anywhere, US or otherwise. The reason is, that your CID box is showing exactly what is sent to it. The correct information is blocked at the switch level, before your line even rings.
Now if you want to get as many numbers as is possible, like this article is stating, get yourself a toll-free number and use it instead of your local number. Anyone calling it (that has CID information available) will have it show up, regardless as to whether or not they try to block it.
That article was very misleading, making it seem as though this is a flaw that the information was displayed when it was blocked. In reality, it is just how the network operates. Nufone provides a toll-free number, since the person being called is the one paying, they have a right to know the number. This is how it has always worked.
Jeremy