SpoofCard.com, a company that sells “enhanced” calling cards providing the ever-so-popular Caller-ID spoofing feature, has recently terminated Paris Hilton’s and 50 other customer’s accounts due to said customers abusing the Caller-ID spoofing feature (go figure) to break into other people’s voice-mail accounts, listen to messages, and even change the targeted users’s greetings:
SpoofCard.com confirmed that Paris Hilton was among the terminated customers, and that Lindsay Lohan was among those whose voicemail accounts were broken into. SpoofCard has put software controls on its network so that customers can no longer use its service to break into the voicemail boxes of Miss Lohan or the other victims it has identified.
Not only is this a poor way to address the security issue, it’s not really even addressing the problem; it’s addressing the symptoms, and in an extremely limited way by only blocking access from their customers to a list of specific users’ voice-mail accounts that have already been targeted. In SpoofCard’s defense however, it probably is the best they can do; It really is the cellular carrier’s problem because they allow users to disable the passcode required to access their voice-mail services, which then defaults to using only Caller-ID information to authenticate the user.
It’s pretty telling of the state of user trust in today’s global telephony system when there are so many businesses that have sprung up around what is essentially a lack of integrity of calling-party information that has been introduced into the system by VoIP and the VoIP-to-PSTN interfaces that they feed their information through. There are still VoIP-to-PSTN service providers that will honor Caller-ID information passed to them by their users and forward it into the PSTN, and there are any number of companies like SpoofCard.com that will provide this service for the average, non-technical consumer.
It’s sad that the general populace can really no longer trust the Caller-ID information that shows up on their phone. Telephony service providers, credit card distribution verification services, banks, and other companies need to realize this as well and stop using Caller-ID information to identify or authenticate their users, and really never should have been in the first place.