[VOIPSEC] Caller ID hacks and trust boundaries in the world of SIP

Dan York dyork at voxeo.com
Tue Jul 22 18:51:00 PDT 2008


VOIPSEC readers,

Some of you may have read in the press about Kevin Mitnick's  
demonstration at the Last HOPE conference over the weekend of a  
modification to Asterisk that allows blocked Caller ID to be  
displayed.  As I note in this lengthy post to the VOIPSA blog, it's  
really an issue related to where the "trust boundaries" are  
established as we continue in our ongoing work as an industry of  
blowing apart the network formerly known as the PSTN:

http://voipsa.org/blog/2008/07/23/asterisk-hack-to-show-blocked-caller-id-points-to-larger-trust-issues-with-sip/

If that URL breaks in your mail client, try: http://bit.ly/bl7xT

I've already had it pointed out to me (thanks!) that SS7 has the  
basically identical "privacy bit" feature, but the SS7 trust boundary  
was such that this information wouldn't be passed to subscriber/ 
customer equipment.  In our new world of SIP, those boundaries aren't  
yet established.

Dan

-- 
Dan York, CISSP, Director of Emerging Communication Technology
Office of the CTO    Voxeo Corporation     dyork at voxeo.com
Phone: +1-407-455-5859  Skype: danyork  http://www.voxeo.com
Blogs: http://blogs.voxeo.com  http://www.disruptivetelephony.com

Build voice applications based on open standards.
Find out how at http://www.voxeo.com/free









More information about the Voipsec mailing list