VoicePulse and many other providers choose to do business by administratively locking down the configuration of the device used to get onto their network. The subscriber does not get to see the credentials; only pieces of it may be determined by doing a packet sniff, but digest authentication is used, so they cannot be determined directly (challenge/response). At least in the VoicePulse case (I'm a subscriber), the subscriber's PSTN DN does not figure into it at all; the userID is an opaque string. While I can't say with 100% certainty, I would say it's up to VP's Asterisk boxen to provide my CPN data to the PSTN based on my userID (a database lookup most likely). AFAIK, one cannot get onto VP's network unless one authenticates so. Therefore I'm not sure if it's even possible, unless there is some sort of buffer overflow or similar exploit in Asterisk that could be used to fake my CPN data.

As to whether private numbers are revealed to me, I can't readily determine. I do know that part of their service offering is to block anonymous callers. An optional subfeature of this is for their Asterisk to solicit and then pass on 10 digits entered by such callers. At that point of course they can tone in anything they'd like without any sort of validation.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/9061/27412#27412