Slashdot Mirror


Caller ID Spoofing for the Masses

lolly72 writes "SecurityFocus has a story on a new U.S. website offering a caller I.D. falsification service. It's called Camophone. It's being advertised in Google ads that appear with search results for Star38.com, which was the the last service to try and make money off caller I.D. hacking. But unlike Star38.com, Camophone isn't limited to collection agencies and private investigators, and it doesn't cost $125 to sign up. Anyone with a PayPal account can use it, and at five cents a minute, probably will. Who do you want to fake out today?"

8 of 286 comments (clear)

  1. Re:Somebody will figure it out by SnowDeath · · Score: 4, Interesting

    Ever heard of Call-Back security? Any security that is based on Caller-ID is inherently flawed.

  2. Did Camophone get advance notice? by YetAnotherName · · Score: 4, Interesting

    Of the /. story, that is? Their website is currently up (this posting will probably be the 10th or so), but is surprisingly minimal. No images at all. Plain, unadorned HTML. Not even a CSS file.

    I have a feeling they'll withstand the slashdotting.

  3. Telemarketing by Ambient_Developer · · Score: 5, Interesting

    This could make telemarketing nearly untraceable, a company just uses a call center that utilizes this technology, and people will never know where the phone call is coming from. Imagine getting a phone call from a telemarketer, and it says 911 on the caller ID.

  4. Don't talk to strangers by Doc+Ruby · · Score: 4, Interesting

    Why do we need the government, when our address books can authenticate the caller cryptographically? Unfamiliar callers should all be treated as untrustworthy until proven otherwise. That can be established through an automated web of trust, and callback, or shunted to voicemail or /dev/null. Distributed software is much better protection than the FBI, much cheaper, and doesn't come with dirty stormtrooper boots muddying up your foyer.

    --

    --
    make install -not war

  5. A horrible idea, real experience... by bstarrfield · · Score: 5, Interesting

    Folks, I'm all for cool technology, and I realize one can spoof caller id information. But caller ID can be a very good thing. I know...

    Three years ago I had the very unpleasant surprise of finding out my (ex) wife was having an affair. Unfortunately, she had also decided on using tactics designed to ensure her utter victory in the divorce. She'd actually purchased books (I saw them), giving her advice on dirty divorce tactics - "Divorce War! 50 Strategies Every Woman Needs to Know to Win." Apparently, one of the recommended strategies was to call your ex and try to drive him nuts - hopefully he'll say something nasty and you'll be able to bring it up in court, etc.

    Well, I realized what she was doing once I started getting anonymous calls at 2:00 - 3:00 AM. Strange, nasty stuff, weird messages. Technology was actually useful - the caller ID information allowed me to get a pretty damn good idea of who was calling. (Hint would-be-nasty-callers: remember to hit *69 before you call!). The police thought it was fun, too. Caller ID and outright stupidity saved the day.

    Look, in my case I wasn't directly threatened. it was cruel, it was viscous, it was nasty. But I was never in any danger. However, what if it had been something dangerous? When one's depressed, your willing to listen to anything - and when you see the ID comes out as "Police" or "Crisis Center" - you could be lured into a bad situation. This is real folks - stalkers are out there, I've seen and heard it.

    All technology can be abused, I know that. But in this case, let's try to prevent a service which provides fundamental identification information from being turned into something potentially dangerous.

    Incidentally, she pretty much wiped me out. Bummer. But all in all, it was for the best...

    --
    /* Dang, I can't type that well. */
  6. How to circumvent ANI by yetanothermike · · Score: 4, Interesting

    Call the local operator and ask them to place your call to the toll-free number. Obviously this doesn't work with toll calls, but they'll do it for you on toll free calls. It's been a while since I tried it, since I have little reason to hide when placing calls, but it's surprising how often they have no trouble doing it for you. I was never even asked why I wanted them to place the call.

    --

    [insert sig file here]

  7. Does anyone else think this is lame? by ctime · · Score: 4, Interesting

    Maybe I'm just getting old, but doesn't this seem lame as hell? Sure it's fun calling up your buddies T-Mobile cell phone # and getting into his VM, changing his greeting to something ubscene..but..

    Doesn't this just seem rather weak? It's only fun for about 5 minutes and has been around forever. For me, it's like the equivilent of spoofing smtp headers. MAN, THAT WAS FUN IN 1994...

    I guess I'm just getting old and bitter.

  8. Tried the server, here's the results by KnightMB · · Score: 4, Interesting
    Ok, I tried the service, basically cost $5.00 Results:

    1) Payment by paypal only (no problem for me)

    2) Service then lets you log in, but it's not secure (no encryption, wth!) so choose a temp password that you wouldn't mind someone stealing

    3) You enter the "target" number, your number then 10 digit caller ID string

    4) As soon as you hit submit, it does call you, calls the other number and bridge them together.

    5) But!! The caller ID string does not work. I've tested this with several land line phones, cell phones, etc. I always show up as "unknown".

    Conclusion:

    Allows bridge calls but does not produce the caller ID string you put in. So this service is a bust in my opinion.

    Case closed