Hacking Caller ID: unblocking blocked phone numbers
Do you block your phone number from appearing on Caller ID? If so, don't count on it. At The Last HOPE hacker conference, Kevin Mitnick, arguably the most famous hacker of all, demonstrated how call blocking can be hacked, and the hidden phone number exposed.
The hack starts with a VoIP telephone number. Mitnick uses Flowroute as his provider, but he told me afterwards that the same thing can also be accomplished with a few other VoIP providers.
Kevin Mitnick speaking at The Last HOPE conference
He starts by forwarding calls to an Asterisk server that he maintains.
According to Wikipedia, "Asterisk is an open source/free software implementation of a telephone private branch exchange (PBX)". The Asterisk website says it runs on GNU/Linux, OpenBSD, FreeBSD, and Mac OS X. On the hardware side, all you need is a computer to use Asterisk with VoIP calls (to interface with the public telephone network requires additional hardware). In other words, it's not an expensive thing to set up.
Asterisk has its own scripting language. Once a phone call hits Mitnick's Asterisk server, a script that he demonstrated analyzes information in the SIP header. The script can see the originating phone number and can also tell that the caller wanted their number hidden. But, just because you ask for something doesn't mean you'll always get it.
Mitnick's script forwards all calls to his cellphone. But, calls that requested privacy have an arbitrary three digit code pre-pended to the phone number. The net effect is that, when Mitnick's cellphone rings, he not only sees the callers' phone number, he can also tell that they tried to hide it.
The basic issue, as I see it, is that once telephone calls become computer data, they can be manipulated like any other type of data.
Caller ID can be hacked in other ways too. In June 2007, Good Morning America did a story on Caller ID spoofing. That is, calling from one phone number but making it appear that you called from another number. Mitnick briefly appeared in that story which is available on YouTube.
See a summary of all my Defensive Computing postings.
Michael Horowitz is an independent computer consultant and the author of several classes on Defensive Computing. He is a member of the CNET Blog Network, and is not an employee of CNET. Disclosure. 
What Mitnick demonstrated sounds like his route was all SIP (a voip protocol). Well, most of the world's phone calls travel over SS7 and ISDN, not SIP. Even if it voip is involved, there are several other protocols, many of which do not provide withheld information as freely as SIP does. This is a storm in a waterglass. After all, if you use SIP, in many cases the media travels directly between the end points and then the called party can see your IP address even if they couldn't see your caller ID, or if you used a fake caller ID. In other words, SIP doesn't provide privacy anyway due to the nature of a p2p IP media path.
If it's important, or someone I know, they'll leave a message. If they're trying to sell something, they don't.
It's a lot easier than routing home calls through servers to your cell phone so you can look at a phone number and make the same decision.
- by ECASCIATO July 15, 2009 9:20 AM PDT
- Hello Michael,
- Reply to this comment
-
(6 Comments)We recently have been getting prank calls on my wife's business phone. Annoying and irritating but nothing more. Yesterday her caller ID was not her business name when she would make an outgoing call. Of no coincendence the name on the caller ID was that of the suspected harrasser's previous address. It was like a signature to let us know it was him. We contaced ATT and they were no help to find out how this was done. The caller name only changes on the local cable phone network. How serious of a problem is this as we have credit card numbers processed on this phone line. Where can I turn to and what can be done.
Ed Casciato
ecasciato@hotmail.com