Hacking Caller ID: unblocking blocked phone numbers

Defensive telephony rather than computing

Do you block your phone number from appearing on Caller ID? If so, don't count on it. At The Last HOPE hacker conference, Kevin Mitnick, arguably the most famous hacker of all, demonstrated how call blocking can be hacked, and the hidden phone number exposed.

The hack starts with a VoIP telephone number. Mitnick uses Flowroute as his provider, but he told me afterwards that the same thing can also be accomplished with a few other VoIP providers.

Kevin Mitnick speaking at The Last HOPE conference

He starts by forwarding calls to an Asterisk server that he maintains.

According to Wikipedia, "Asterisk is an open source/free software implementation of a telephone private branch exchange (PBX)". The Asterisk website says it runs on GNU/Linux, OpenBSD, FreeBSD, and Mac OS X. On the hardware side, all you need is a computer to use Asterisk with VoIP calls (to interface with the public telephone network requires additional hardware). In other words, it's not an expensive thing to set up.

Asterisk has its own scripting language. Once a phone call hits Mitnick's Asterisk server, a script that he demonstrated analyzes information in the SIP header. The script can see the originating phone number and can also tell that the caller wanted their number hidden. But, just because you ask for something doesn't mean you'll always get it.

Mitnick's script forwards all calls to his cellphone. But, calls that requested privacy have an arbitrary three digit code pre-pended to the phone number. The net effect is that, when Mitnick's cellphone rings, he not only sees the callers' phone number, he can also tell that they tried to hide it.

The basic issue, as I see it, is that once telephone calls become computer data, they can be manipulated like any other type of data.

Caller ID can be hacked in other ways too. In June 2007, Good Morning America did a story on Caller ID spoofing. That is, calling from one phone number but making it appear that you called from another number. Mitnick briefly appeared in that story which is available on YouTube.

See a summary of all my Defensive Computing postings.

Featured Video

VTech hack exposes 5 million accounts, including kids' photos, chats

The toymaker stores personal data and photos in a way that may be easy for hackers to access. Also, Amazon shows off its latest design for delivery drones.

by Bridget Carey