root@localhost
A gentle introduction to caller ID spoofing
Published on May 7, 2020 in caller id spoofing, sip security
Introduction Phone and real-time communications systems in general make use of caller ID to indicate who is calling when a phone is ringing. Caller ID is that little number that shows up on your phone telling you that it is your boss calling. The number is often matched against your phone book to show an actual name. This feature is not only available on PSTN (public switched telephone network) but also in the VoIP systems that have been replacing it in the past dozen or so years.…
Read more »
Sandro Gauci, Enable Security
Phone phreaks are now using call forwarding features to make free phonecalls!
Published on Jan 21, 2009 in cyber crime, caller-id spoofing
Actually, they have been doing that for quite a while; say a couple of years. Yet it still works, and we only hear about it when some organization is hit with a hefty phone bill because their PBX server has been abused. The West Australian is running a feature article on various (undisclosed) cases where PBX systems, some traditional while others are IP-based (and exposed on the Internet) were abused to make phonecalls to foreign countries.…
Read more »
Sandro Gauci, Enable Security
Swatters using VoIP to spoof caller id
Published on Mar 14, 2008 in caller-id spoofing, cyber crime
Its no news really to whoever is familiar with swatting, but this is something that recently came into the light in the public media as a few people have been found guilty of this real bad prank. What is swatting? It’s basically someone calling the 911 service, spoofing the callerid and pretending to be under attack from some maniac. What happens then is that a SWAT team is sent to the residence on which the spoofed phone number is registered.…
Read more »
Sandro Gauci, Enable Security
re-INVITE and authentication
Published on Nov 5, 2007 in sip security, caller-id spoofing
The Madynes research team have published details of a way to steal the Digest Authentication response and be able to perform a relay attack. This is the post on the Voipsa mailing list. They published the info in a presentation / slideshow form.…
Read more »
Sandro Gauci, Enable Security
how (not) to get your ex back
Published on Oct 30, 2007 in sipvicious oss, sip security, caller-id spoofing
Just uploaded a short story showing how an unsolicited user can phone up a victim by knowing (or finding out) IP and port of the victim’s VoIP phone. This story ties in with what we’ve been discussing in previous blog post. You may check out the story here.…
Read more »
Sandro Gauci, Enable Security
Server impersonation and SIP
Published on Oct 28, 2007 in caller-id spoofing, softphone security
Was reading Sipera’s latest advisories. The server impersonation advisory caught my eye mostly because we’ve seen something similar to this over here during testing. We hadn’t published this information until now .. so here goes. A good number of SIP softphones, and we would assume VoIP phones (hardware), will ring upon receiving an INVITE request. Three months ago we worked on 3 stories, two of which describe protagonists abusing this behavior and are still unpublished.…
Read more »