• On TV.com: NARUTO SHIPPUDEN Episode 138: The End

Defensive Computing

Read all 'Kevin Mitnick' posts in Defensive Computing
July 23, 2008 6:25 PM PDT

Hacking Caller ID: unblocking blocked phone numbers

by Michael Horowitz
  • 6 comments

Do you block your phone number from appearing on Caller ID? If so, don't count on it. At The Last HOPE hacker conference, Kevin Mitnick, arguably the most famous hacker of all, demonstrated how call blocking can be hacked, and the hidden phone number exposed.

The hack starts with a VoIP telephone number. Mitnick uses Flowroute as his provider, but he told me afterwards that the same thing can also be accomplished with a few other VoIP providers.

Kevin Mitnick speaking at The Last HOPE conference

He starts by forwarding calls to an Asterisk server that he maintains.

According to Wikipedia, "Asterisk is an open source/free software implementation of a telephone private branch exchange (PBX)". The Asterisk website says it runs on GNU/Linux, OpenBSD, FreeBSD, and Mac OS X. On the hardware side, all you need is a computer to use Asterisk with VoIP calls (to interface with the public telephone network requires additional hardware). In other words, it's not an expensive thing to set up.

Asterisk has its own scripting language. Once a phone call hits Mitnick's Asterisk server, a script that he demonstrated analyzes information in the SIP header. The script can see the originating phone number and can also tell that the caller wanted their number hidden. But, just because you ask for something doesn't mean you'll always get it.

Mitnick's script forwards all calls to his cellphone. But, calls that requested privacy have an arbitrary three digit code pre-pended to the phone number. The net effect is that, when Mitnick's cellphone rings, he not only sees the callers' phone number, he can also tell that they tried to hide it.

The basic issue, as I see it, is that once telephone calls become computer data, they can be manipulated like any other type of data.

Caller ID can be hacked in other ways too. In June 2007, Good Morning America did a story on Caller ID spoofing. That is, calling from one phone number but making it appear that you called from another number. Mitnick briefly appeared in that story which is available on YouTube.

See a summary of all my Defensive Computing postings.

Topics:
Hardware,
Software,
FYI
Tags:
caller ID,
hacking,
The Last HOPE,
Kevin Mitnick
Share:
Digg
Del.icio.us
Reddit
  • prev
  • 1
  • next
advertisement

Google's mobile hopes go beyond Nexus One

The world may have thrilled to the potential for a Google Phone, but what Google actually unveiled is its plan for a new smartphone world order.
• Photos: Unboxing Nexus One

Using your smartphone safely

faq Worms, Trojans, and SMS attacks are risks for mobile phones, but the biggest practical threat to users is losing the device.

About Defensive Computing

Michael Horowitz is an independent computer consultant and the author of several classes on Defensive Computing. He views Defensive Computing as taking steps, when things are running well, to avoid or minimize the inevitable problems down the road. It's about educating yourself to the level where you can make your own intelligent decisions about keeping your computers and data happy and healthy. If you depend on computers, yet are on your own, without an IT department or nearby nerd, this blog's for you. His personal web site is michaelhorowitz.com.

He is a member of the CNET Blog Network and is not an employee of CNET.

Disclosure.

Add this feed to your online news reader

Defensive Computing topics

Most Discussed

advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
CES 2010
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET