New Google Service Manipulates Caller-ID For Free
Lauren Weinstein writes to raise an alarm about a new Google service, Click-to-Call. As he describes it, the service seems ripe for abuse of several kinds. One red flag is that Google falsifies the caller-ID of calls it originates for the service. From the article: "Up to now, the typical available avenue for manipulating caller-ID has been pay services that tended to limit the potential for large-scale abuse since users are charged for access. Google, by providing a free service that will place calls and manipulate caller-ID, vastly increases the scope of the problem. Scale matters."
What is actually news is that a girl submitted this!
[alk]
What you are saying is partially true, dependent upon the technology used and the type of service chosen. In-dials are just that: they receive calls only and cannot be used to place calls. This does not depend on the type of technology used, be it digital or analog circuits.
What you are implying is that the P(A)BX is connected to some form of voice grade digital circuit that can be used for both incoming and outgoing calls. The setting of CND data (presentation allow) is configured at the switch level more often than not and is dependent upon the requirements of the organization or business ordering the service(s).
As an example, some company orders a voice grade E1 (or T1, etc.) for inbound and outbound calls and requests that they be able to set the CND data. What you said would be true.
I would speculate (based on previous experience) that the vast majority of P(A)BX configurations do not control the presentation and that the prime number of the hunt group is usually set in the switch data for the group. There would be those, however, that wish to manipulate this data themselves, where the service would be configured on the switch to allow such, but I would expect this to be on much larger system installations than the normal (larger numbers of) small businesses.
...there will never be a way to ensure that the originating PBX is telling the truth. DID ranges are (for the most part) not tied directly to outgoing phone lines, so they can't even be verified against those.
This sounds very similar to the arguments against filtering spoofed packets on the Internet. "Our network is designed such that it needs spoofed packets to work," etc. And yet, responsible ISPs managed to adapt. It's time for the telcos to do the same.
Well, the "State Fraternal Order of Police" calls I get are exactly that, basically a scam. They were not a tax-deductible contribution; when asked, it was 80% of profits to police widows or something, and they couldn't answer what % of the donation that was. I forget, but I was able to find something around 2-5% of the donation in a local paper's investigative report. They were using a speed dialer, so they don't want callbacks on the caller-ID asking why they called and hung up on ya. Because they were a for-profit organization raising donations for FOP, they wouldn't have even been able to guess who had called for what cause.