Skip to main content

Tags caller-id spoofing

root@localhost

A gentle introduction to caller ID spoofing

Published on May 7, 2020 in ,

Introduction Phone and real-time communications systems in general make use of caller ID to indicate who is calling when a phone is ringing. Caller ID is that little number that shows up on your phone telling you that it is your boss calling. The number is often matched against your phone book to show an actual name. This feature is not only available on PSTN (public switched telephone network) but also in the VoIP systems that have been replacing it in the past dozen or so years.…

Read more »
Sandro Gauci

Sandro Gauci, Enable Security

Phone phreaks are now using call forwarding features to make free phonecalls!

Published on Jan 21, 2009 in ,

Actually, they have been doing that for quite a while; say a couple of years. Yet it still works, and we only hear about it when some organization is hit with a hefty phone bill because their PBX server has been abused. The West Australian is running a feature article on various (undisclosed) cases where PBX systems, some traditional while others are IP-based (and exposed on the Internet) were abused to make phonecalls to foreign countries.…

Read more »
Sandro Gauci

Sandro Gauci, Enable Security

Swatters using VoIP to spoof caller id

Published on Mar 14, 2008 in ,

Its no news really to whoever is familiar with swatting, but this is something that recently came into the light in the public media as a few people have been found guilty of this real bad prank. What is swatting? It’s basically someone calling the 911 service, spoofing the callerid and pretending to be under attack from some maniac. What happens then is that a SWAT team is sent to the residence on which the spoofed phone number is registered.…

Read more »
Sandro Gauci

Sandro Gauci, Enable Security

re-INVITE and authentication

Published on Nov 5, 2007 in ,

The Madynes research team have published details of a way to steal the Digest Authentication response and be able to perform a relay attack. This is the post on the Voipsa mailing list. They published the info in a presentation / slideshow form.…

Read more »
Sandro Gauci

Sandro Gauci, Enable Security

how (not) to get your ex back

Published on Oct 30, 2007 in , ,

Just uploaded a short story showing how an unsolicited user can phone up a victim by knowing (or finding out) IP and port of the victim’s VoIP phone. This story ties in with what we’ve been discussing in previous blog post. You may check out the story here.…

Read more »
Sandro Gauci

Sandro Gauci, Enable Security

Server impersonation and SIP

Published on Oct 28, 2007 in ,

Was reading Sipera’s latest advisories. The server impersonation advisory caught my eye mostly because we’ve seen something similar to this over here during testing. We hadn’t published this information until now .. so here goes. A good number of SIP softphones, and we would assume VoIP phones (hardware), will ring upon receiving an INVITE request. Three months ago we worked on 3 stories, two of which describe protagonists abusing this behavior and are still unpublished.…

Read more »