Asterisk VoIP News

Saturday, April 01, 2006

VoIP Caller ID Spoofing - Still Dangerous

Many in the VoIP service industry have known for years that caller ID can be spoofed (that is, misrepresented) relatively easily. In fact, one need not be an expert at using Asterix's Linux PBX software or know the other tricks of the trade - he can simply pay a few dollars for an Internet telephone caller ID spoofing service. (We're not going to provide free advertising for these services here) While this may seem harmless, it opens up the door to a number of serious vulnerabilities.

More and more caller ID is being used to authenticate people's identity. Credit card companies have long been using caller ID in the card activation process. Financial institutions such as Citibank and American Express are now using it to authenticate identity of account holders who dial in to their telephone service. In business, caller ID is used to signal whether a caller is calling from inside or outside the firm. 911 call centers use it to determine who is calling and where to send emergency responders. Voicemail systems, particularly cell phone voicemail systems, automatically playback messages based on caller ID.

Click Here for the Full Article