Schneier on Security
A blog covering security and security technology.
« Electromagnetic Pulse Grenades |
| Privacy in the Age of Persistence »
February 26, 2009
Defeating Caller ID Blocking
TrapCall is a new service that reveals the caller ID on anonymous or blocked calls:
TrapCall instructs new customers to reprogram their cellphones to send all rejected, missed and unanswered calls to TrapCall's own toll-free number. If the user sees an incoming call with Caller ID blocked, he just presses the button on the phone that would normally send it to voicemail. The call invisibly loops through TelTech's system, then back to the user's phone, this time with the caller's number displayed as the Caller ID.
In addition to the free service, branded Fly Trap, a $10-per-month upgrade called Mouse Trap provides human-created transcripts of voicemail messages, and in some cases uses text messaging to send you the name of the caller — information not normally available to wireless customers. Mouse Trap will also send you text messages with the numbers of people who call while your phone was powered off, even if they don't leave a message.
With the $25-a-month Bear Trap upgrade, you can also automatically record your incoming calls, and get text messages with the billing name and street address of some of your callers, which TelTech says is derived from commercial databases.
Posted on February 26, 2009 at 12:53 PM
• 35 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
They need to add Elephant Trap:
NCIC search results on the caller and their credit history
Saw this a few days ago. Caller ID blocking has never been a reliable way to conceal who is calling. These guys are surely not the first company to offer ANI-to-CID bridging services.
Short comment: Pre-paid SIM-card
There are a bunch of services that allow you to spoof your caller-id by entering the spoof number and the destination number into a website (or via the keypad when calling an 800/900 number).
Some even let you talk for a minute or two for free.
Given that those spoof calls originate at the service provider and not at your line, I would expect that an ANI to CID bridge like this would be completely ineffective.
Obviously, they want you to pay for their service. However, will they make enough to pay for the system and the free services? What is the game plan for profit? The sign up page says "Trapcall will not sell, or distribute information about you, or the callers that may have called you", but the Terms of Service don't. In fact, the TOS says "TrapCall.com assumes no responsibility for the accuracy of any particular statement and accepts no liability for any loss or damage which may arise from reliance on the information contained on this site", which leads me to believe the disclaimer about selling your caller information may not be true.
The value to Trapcall is a list of valid phone numbers with linked email addresses that they can sell to spammers or anyone that wants to buy it.
Short comment: pre-paid long distance card.
Trapcall is a freemium service. Phone time is extremely cheap when bought in bulk, and they offer premium services on Trapcall in addition to TelTech's other products, including SpoofCard (which they are all too happy to mention fools Trapcall in the latter's FAQ). These effectively subsidize the free service. SpoofCard at least is well-known and I've never heard any privacy complaints about that service.
Chill. Yo yo yo. Thats why i gots this TraceBusterBuster. See, when a motherfucker try to bust your trace with a TraceBuster, this motherfucker is gonna bust the motherfucking TraceBuster that's busting your... er, er, trace!
Damnit. It took me so long to transcribe, someone else just posted the link directly. :-(
This won't last long. Someone will outlaw it soon enough.
My VOip phone will report any number I want as my caller ID. I expect spammers will just start using similar services.
Random nugger of information: ISTR that ISDN (at least the 30-channel version) always sent the calling number over the D-channel as part of the call setup, but with a bit to tell the phone whether it was allowed to show the calling number to the end-user.
Both BRI & PRI ISDNs send CID as part of call establishment phase. However certainly on BT lines (in UK), the only ones I've any experience with, if you specify a CID not associated with your line it gets rewritten to the lines 'primary' number.
I've always disliked the notion of CLID suppression: if you want to call me, you have no legitimate reason for attempting to conceal your identity. I subscribed to Anonymous Call Rejection for a while, despite the extra charge (which irritates me: why should withholding your number be free, yet rejecting anonymous calls is not?) but BT's handling is quite poor: a recorded 'error' message, rather than either going to voicemail, getting instructions to redial with the prefix 1470 instead (to release CLID) or ideally, a simple voice prompt: "This line does not accept anonymous calls - press 1 to be connected without withholding your number, or hang up." Of course, I'd also want this option to be the default for all lines, so the few exceptions which might actually want to accept anonymous calls can opt to do so, rather than making the rest of us pay to opt out. Less profitable for BT that way, though...
These days, I just ignore anonymous calls and let them go to voicemail. Simpler, but not perfect.
one could also buy a cheap used 2 or 3 station PBX and give oneself an extension that only friends etc know -
everything else ("voicespam"?) goes to voicemail
While I sympathise with James Sutherland's wish to know who is calling, his comment "if you want to call me, you have no legitimate reason for attempting to conceal your identity" is perhaps too strong.
I have used branch exchanges that sent a single number for all outgoing calls. In effect there were several thousand phones all with the same outgoing number but distinct incoming numbers.
This meant that if somebody called but did not leave a message it was not possible to return the call. Worse, if you were unaware of this and tried to return the call the person who answered could only tell you that they don't know who called - they couldn't even identify the building from which the original call had come. This annoyed both parties.
To avoid this problem the telecom department had a policy that caller ID was disabled on all phones.
Something similar occurs with many VoIP to phone gateways - caller ID shows the number of the gateway, not the number of the calling phone. It is sometimes more helpful to suppress caller ID, especially if the person being called expects to be able to use the number to return a call.
I imagine that some Trapcall customers who try to return a call will find themselves calling the wrong number.
Ooh -- Bruce! The People demand an update about the SHA-3 candidate conference! Or, assuming you're not there, what you've heard about it from colleagues.
It appears much of it will be yawner presentations of candidates that are either too slow or too weak to make it, but there could be either fun cryptography or some clarity on how they'll whittle down the candidate list.
"Mouse Trap will also send you text messages with the numbers of people who call while your phone was powered off, even if they don't leave a message."
It is free service from all cellphone providers here in Russia. How one could ask money for such an obvious and simple service?
When I worked somewhere in Australia playing with VoIP with a POTS on-ramp, we similarly discovered that we could specify any number we wished as a calling number, and it would go through. We brought it up to our telephony provider, and they couldn't see the issue with being able to spoof our number.
There were of course discussions about calling campaigns involving dialling random numbers from the phone book and hanging up after one or two rings while spoofing various figures. Most effective if the call is after midnight!
Interesting idea when your products include "irresistible force" and "unmovable object"... which of the products do you favour?
@Mrten: Right on wrong. On a call where the number is suppressed it is transmitted throughout the phone network. But the last CO will remove the number when signalling the call to the end customer, so no, the number is not transmitted to the phone and no, the phone can't ignore the number suppression.
Addendum: This is what isdnlog shows on a call with number suppressed:
[calling party number: (type=unknown, plan=unknown, presentation restricted, screening network provided)]
This is how a normal call with number provided is signalled:
[calling party number: 2011234567 (type=national, plan=ISDN, presentation allowed, screening user provided: verified & passed)]
And this is an example where a number was provided by the calling end user which differs from the "real" number of his line (this is usually not available with standard lines but as a feature e.g. for call centers):
[calling party number: 2011234567 (type=national, plan=ISDN, presentation allowed, screening user provided: not screened)]
[calling party number: 2023456789 (type=national, plan=ISDN, presentation allowed, screening network provided)]
@Troy: All calls are after midnight ;)
This service is exploiting a bug in the way caller-ID blocking is implemented. The key is that if you call a toll-free (800/888/etc) number, your info is reported even if caller ID is enabled. So the trick they use is to forward calls to a toll-free number, then back again to the original destination. The problem is that the caller does not know this is happening and has no way to block it.
@Phillip: surprisingly, that doesn't always work anymore. I'm currently using a Sprint prepaid card, and callers do get my number displayed, so they're passing it through. I've never known that to be true with other prepaid cards.
That does not work: I used to have an ISDN connection with 4 sequential numbers.
Only the first, main number was used and given to other people, but all 4 were connected on a local PBX. Very often we would receive a sales call on the first number, then the second light would light up, etc... This shows they just call all numbers sequentially...
Expect an explosion in deployments of Gold Boxes (http://en.wikipedia.org/wiki/Gold_box_%28phreaking%29). Hell you could even make an small business out of it.
As others have pointed out, this is only useful in limited scenarios.
Being able to "spoof" a number is pretty fundamental part of the way the telephone network works.
Some providers might overwrite your outbound CPN with your billing number, but it's not too hard to get one that won't. Not to mention many VoIP will let you do this.
This is a basic design decision in the phone networks (similar to SMTP).
Callwave, which provides better voicemail for free does the same thing.
It was never advertised or even noted by the company, but users quickly realized that they were suddenly seeing CID numbers from previously blocked lines (often our own). I suspect that it was initially a bug that they decided was nice.
BTW, I strongly recommend Callwave's service even though I am no longer a customer (moved to iPhone).
All this shows is that they are overcharging for their "services." Everything they have done here could be done for somewhere in the range of free to pennies.
best answer: Don't use the phone network if you think you are anonymous. This has always been true and will always be true.
Next step - offer a service which will give the correct number from spoofcarded calls ... and charge more to be exempt from this service.
There is an objection that people can use caller id to locate other people - a case mentioned of a man locating his ex this way and shooting her.
But when caller id was new, cellphones were uncommon and expensive. But even then, every spy-novel fan knew to use public phone booths.
Using caller ID for security is security by obscurity. Use a call method where revealing your phone number makes no difference.
None of those are fundamentally new capabilities.
You've been able for decades to buy an off-the-shelf phone system that can record all incoming calls; you could probably do it with Asterisk for almost no money, though you'd spend more time setting it up. If you get a personal 800 number, caller ID and any blocking thereof is pretty much irrelevant, and it's probably cheaper per month than a lot of people's cellular plans. Or you can just get anonymous call blocking, and calls that are blocking caller ID won't cause your phone to ring in the first place, which is even better as far as I'm concerned. Transcript services have been around for a good while too, though I don't know if they've ever been quite that cheap.
The value here, from a commercial perspective, is that they're bringing all these things together and making them convenient and marketing them as a package with easily understood bullet points. I'm not sure that really has a whole lot of major security implications, because like I said it could all be done before anyway.
Can this software identify callers who go directly to voice mail? The wireless provider is not providing any assistance.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.