, SecurityFocus 2004-07-06
Implementation quirks in Voice over IP are making it easy for hackers to spoof Caller I.D., and to unmask blocked numbers.
Expand all |
Post comment
|
VoIP hacks gut Caller I.D.
, SecurityFocus 2004-07-06 Implementation quirks in Voice over IP are making it easy for hackers to spoof Caller I.D., and to unmask blocked numbers.
Expand all |
Post comment
|
|
|
Privacy Statement |
1. Local Exchange switches do contain screening software to block spoofing, even from digital PRI links. If they detect a wrong A-number they inject the default CLID of the PBX.
2. International Gateway switches can be configured to blind A-numbers in outgoing calls to interconnected operators. Blinding means the A-number is dropped or replaced by zero's. This feature has been introduced to blind CLID for calls into 'untrusted" countries.
3. Companies who interconnecct at SS#7 level can receive all A-numbers and seemingly some 800-platform providers convey the numbers to their users. It seems the VoIP-provider has got the same level of access.
It is therefore just crappy configuration or technical incompetence, either of the VoIP-provider who leaves too much open and does not activate CLID-screening or the interconnecting company who does allow the calls into it's network without proper controlling the quality in this retrospect.
As far as I can see this is thus the typical problem of a start-up industry and it can be rather rapidly controlled and corrected in negotiations about correct behaviour between operators.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/articles/9061/27407#27407