[VOIPSEC] The *Rise* of Caller ID Spoofing

J. Oquendo sil at infiltrated.net
Wed Feb 10 07:05:52 CST 2010 

Spoofing companies blame the carriers for the security flaw. “It is not
the service…. it’s the cell phone companies,” says Gregory Evans,
President of Spoofem.com. “The cell phone companies have to take some
type of responsibility.”
http://blogs.wsj.com/digits/2010/02/05/the-rise-of-caller-id-spoofing/

Lucky for me I don't work at a cell carrier. ;)

I've dealt with this issue on the VoIP carrier side and its a difficult
battle getting clients to agree to fix CID. Remember, the client is
always right when paying the bills.

With VoIP, our main concerns (at least mine) are, e-911... For example,
I have a client in Boston with 3 teleworkers using Beantown DID's. I
keep having to remind them: "You do know if your staff call 911 in an
extreme emergency where they can't give their address from that phone
the cops are going to go to the Boston office right..."

Anyway, I can see congress re-visiting or pushing hard for the "Truth In
Caller ID Act" however, this means nothing for trunks out of the
country. For example, just because its a law here (US) doesn't mean
someone with a trunk in Denmark is going to stop sending out shoddy CID.
And sure I supposed I can go into my SBC and force CID then risk losing
a customer who wants (and deserves) control over the data (SIP
messaging) that leaves his network. Who knows, maybe there's a market in
"CID Log Management". Let's see who is the first to get sued before
something really happens:

Victim: "I really thought I would be getting a 2174523% return on my
investment. The Caller ID said `This Be Is A Real Bank` and hey had a
nice eastern european sounding advisor"
Lawyer: "Did you lose all of your life savings?"


-- 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP

"It takes 20 years to build a reputation and five minutes to
ruin it. If you think about that, you'll do things
differently." - Warren Buffett

227C 5D35 7DCB 0893 95AA  4771 1DCE 1FD1 5CCD 6B5E
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E

More information about the Voipsec mailing list