Rootsecure Homepage
About RootSecure
Lite Edition
User Area
Audio News
Daily Newsletter
Site News Archives
Sources News Archive
SecNews RSS Feeds
SecNews Console
Links:
Videos
Security
Hacking
Wireless
Downloads:
Other
Perl Scripts
Audio Clips
Win32 Tools
Media Archive
PDF Documents
Reports
Hacker Gear
Win' Error Pic's
ASCII Generator
Your IP Address
RootSecure:
Contact
Search
Publicity
Affiliates
Attack Statistics
Syndication
(RSS/XML Feed)
Privacy Policy
Hits: 106,944,559
(Since 06/09/02)
Admin Telnet
HoneyPot Project
|
|
|
|
Reports | Automated Caller ID / ANI Spoofing
{8th Jul 2004} |
|
|
Is the White House calling your mobile?
What is Caller ID?
Caller ID is a service provided by most telephone companies (for a
monthly cost) which will tell you the number / name of an incoming
call. [Definition: Hack FAQ ]
What is ANI?
Automatic Number Identification is a system used by the telephone
company to determine the number of the calling party. There are
believed to be two types, "FLEX ANI" (used for e.g. verification
services such as voicemail) which is relatively easy to spoof, and
"Real Time ANI" (used only for billing purposes on e.g. 800 numbers)
which is harder to spoof. [Definition: Hack FAQ ]
What is ANI / Caller ID spoofing?
ANI / Caller ID spoofing is setting the ANI / Caller ID on the outgoing
call you are making to a 10 digit number of your own choosing.
Traditionally it has been a complicated process either requiring the
assistance of a cooperative phone company operator or an expensive
company PBX system.
What is Automated ANI / Caller ID spoofing?
Automated ANI / Caller ID spoofing is setting the number you are
calling from without the use of an operator / company PBX system. By
far the easiest method thanks to the increasing take-up of internet
telephony services are VoIP (Voice over Internet Protocol) service
providers who allow you when using their service to set whatever caller
ID you like (which is also used as ANI).
Which VoIP service providers support spoofing?
VoicePulse and Nufone both allow spoofing (verified February 16th 2004,
7th July 2004). IAXtel is understood not to support spoofing.
Is international calling / spoofing possible?
Both Nufone, and VoicePulse Connect support international calling,
(dial 011+country code+number) however you may need to modify your
extension file to recognise the international format e.g. exten =>
_011N.,1,Dial,IAX2/[email protected]/${EXTEN}
Spoofing using VoicePulse to a UK Ericsson T610 mobile phone / landline
with caller ID has been verified working, it displays the calling
number (if the number is in the address book it will display the name /
photo listed for it instead). The leading zero should be left off when
spoofing, eg 20-1111-1111.
[Update: As of 5th June 2004 this no longer appears to work, caller id shows up as "unavailable"]
How can I spoof ANI / Caller ID
Requirements: A spare computer with a Linux compatible network card,
basic Linux knowledge, Redhat 9.0 CDs, a broadband Internet connection,
a VoIP hardware phone / compatible software phone, an account with a
VoIP provider.
Overview of the process:
1. Follow the instructions in Andy Powell's, "Getting Started With Asterisk" guide for the initial Linux install.
2. Add the following lines to your extension config file in the same context as your SIP phone.
exten => 33,1,Answer
exten => 33,2,AGI(cidspoof.agi)
4. Sign up with a VoIP provider.
5. Add appropriate details into your IAX config file (as issued by your VoIP service provider).
6. Download the cidspoof.agi script changing line 77 to the correct username / hostname for your VoIP IAX service provider,
and copy it to /var/lib/asterisk/agi-bin/.
7. Start Asterisk
8. Check your SIP phone has correctly registered / verify you are able to make a SIP to PSTN call.
9. Call extension 33, enter the 10 digit number you wish to spoof from, followed by the 10 digit number you wish to spoof to.
A simpler alternative is to use the command SetCallerID(2121111111) in the
"extensions.conf" file direct however it will have to be manually edited and Asterisk
reloaded for every call.
Is it possible to get a dial in number to enable remote spoofing?
DID (direct inward dial
- USA) / DDI (direct dial inward - UK) numbers are available from both Voicepulse and Nufone with no minimum contract period.
Nufone only offer numbers in the state of Michigan for $7.50 per month.
Voicepulse offer a wide variety of area codes / exchanges for $7.99 per
month.
[2007-01-05 Update: NuFone have emailed to mention they can now provide
DIDs in most States at $5.00 per month, and that while they do allow
the setting of 'Calling Party Number' they also "reserve the right to
suspend and/or terminate any account that abuses the privilege".]
What are the other advantages of a DDI / DID number?
1. It can act as an extra phone line.
2. It can run a conference / call centre service, since the line is never busy unless your Asterisk PBX server box says it is.
Is it legal?
It appears to be perfectly legal, as long as it is not used for fraudulent purposes.
What are the security implications of ANI / Caller ID spoofing?
- Most of those relying on it do not realise how easy it is to spoof.
- Automated / manual verification systems such as used by credit card companies can be sent false information.
- Identity
spoofing e.g. someone calls the mobile phone of a prominent employee in
a company spoofing the caller id of a fellow worked who is in their
address book. The name of the fellow worker shows up on the target's
phone screen, and due to the limited bandwidth (reduced quality) of
calls over the cellular / mobile network the target does not realise
(would you question the identity of a colleague?) who they are actually
talking to.
- Most mobile / cellular phone providers offer an
answer phone service which can be set to not require a pin when calling
from the phone itsself. Some of these services verify using ANI and can
therefore be accessed by anyone spoofing the phones own number when
calling the message centre.
[2006-04-29 Update: Alternate spoofing scripts: extension verison, 2 Line extension verison, Perl AGI version from ntheory.]
|