Defensive Computing Subscribe to Defensive Computing
July 23, 2008 6:25 PM PDT

Hacking Caller ID: unblocking blocked phone numbers

Posted by Michael Horowitz

Do you block your phone number from appearing on Caller ID? If so, don't count on it. At The Last HOPE hacker conference, Kevin Mitnick, arguably the most famous hacker of all, demonstrated how call blocking can be hacked, and the hidden phone number exposed.

The hack starts with a VoIP telephone number. Mitnick uses Flowroute as his provider, but he told me afterwards that the same thing can also be accomplished with a few other VoIP providers.

Kevin Mitnick speaking at The Last HOPE conference

He starts by forwarding calls to an Asterisk server that he maintains.

According to Wikipedia, "Asterisk is an open source/free software implementation of a telephone private branch exchange (PBX)". The Asterisk website says it runs on GNU/Linux, OpenBSD, FreeBSD, and Mac OS X. On the hardware side, all you need is a computer to use Asterisk with VoIP calls (to interface with the public telephone network requires additional hardware). In other words, it's not an expensive thing to set up.

Asterisk has its own scripting language. Once a phone call hits Mitnick's Asterisk server, a script that he demonstrated analyzes information in the SIP header. The script can see the originating phone number and can also tell that the caller wanted their number hidden. But, just because you ask for something doesn't mean you'll always get it.

Mitnick's script forwards all calls to his cellphone. But, calls that requested privacy have an arbitrary three digit code pre-pended to the phone number. The net effect is that, when Mitnick's cellphone rings, he not only sees the callers' phone number, he can also tell that they tried to hide it.

The basic issue, as I see it, is that once telephone calls become computer data, they can be manipulated like any other type of data.

Caller ID can be hacked in other ways too. In June 2007, Good Morning America did a story on Caller ID spoofing. That is, calling from one phone number but making it appear that you called from another number. Mitnick briefly appeared in that story which is available on YouTube.

See a summary of all my Defensive Computing postings.

Topics:

Hardware,

Software,

FYI

Tags:

caller ID,

hacking,

The Last HOPE,

Kevin Mitnick

Bookmark:
Digg
Del.icio.us
Reddit
Recent posts from Defensive Computing
Why can't Firefox print as well as Internet Explorer?
Summarizing the Nvidia problems with laptop chips overheating
In a pinch, GoDaddy and Typepad let a customer down
The market share of Firefox vs. Internet Explorer
Netflix computer problems continue
Add a Comment (Log in or register) 4 comments (Page 1 of 1)
by powder1122 July 23, 2008 7:05 PM PDT
Wow! must have taken him about 15 min to learn that! Silly little privacy header. If this is a shock to anyone please go back to finger painting.
Reply to this comment
by oneoclock July 24, 2008 6:16 AM PDT
This depends entirely on your telephone service provider. Most businesses are hooked up to the public telephone network via ISDN. In this case it depends on the phone company. Most residential and small business phone lines are analog phone lines. On an analog phone line you never get a caller ID signal if caller ID was withheld by the caller. NEVER. Most medium to large businesses are connected to the public phone network via ISDN. Most phone companies will not provide any caller ID via ISDN if the caller withheld caller ID, all they send is a header that tells the called party why there is no caller ID. Only very large businesses are hooked up to the public phone network via SS7, in which case they may obtain caller ID even if it was withheld by the caller. Phone companies also hook up to each other via SS7, so they may also obtain caller ID even if withheld.

What Mitnick demonstrated sounds like his route was all SIP (a voip protocol). Well, most of the world's phone calls travel over SS7 and ISDN, not SIP. Even if it voip is involved, there are several other protocols, many of which do not provide withheld information as freely as SIP does. This is a storm in a waterglass. After all, if you use SIP, in many cases the media travels directly between the end points and then the called party can see your IP address even if they couldn't see your caller ID, or if you used a fake caller ID. In other words, SIP doesn't provide privacy anyway due to the nature of a p2p IP media path.
Reply to this comment
by Kev Orng July 29, 2008 7:45 AM PDT
I just don't answer those calls that come up as private or unknown.
If it's important, or someone I know, they'll leave a message. If they're trying to sell something, they don't.
It's a lot easier than routing home calls through servers to your cell phone so you can look at a phone number and make the same decision.
Reply to this comment
by yogumca August 8, 2008 11:18 PM PDT
i dont now
Reply to this comment
Powered by Jive Software

  • About Defensive Computing

  • Michael Horowitz is an independent computer consultant and the author of several classes on Defensive Computing. He views Defensive Computing as taking steps, when things are running well, to avoid or minimize the inevitable problems down the road. It's about educating yourself to the level where you can make your own intelligent decisions about keeping your computers and data happy and healthy. If you depend on computers, yet are on your own, without an IT department or nearby nerd, this blog's for you. His personal web site is michaelhorowitz.com.

    He is a member of the CNET Blog Network and is not an employee of CNET.

    Disclosure.

Add this feed to your online news reader
Google
Yahoo
MSN

Defensive Computing topics

Latest tech news headlines

All News.com headlines »

Featured blogs

Beyond Binary by Ina Fried

Coop's Corner by Charles Cooper

Defense in Depth by Robert Vamosi

Geek Gestalt by Daniel Terdiman

Green Tech

One More Thing by Tom Krazit

Outside the Lines by Dan Farber

The Iconoclast by Declan McCullagh

The Social by Caroline McCarthy

Underexposed by Stephen Shankland

advertisement
Welcome (log out) |View profile
Log in | Sign up Why join?
On MovieTome: Get your first glimpse of STAR TREK!
Advanced
search
Advanced
search
Visit other CBS Interactive sites