[guardian-dev] automatic calling?
Hans-Christoph Steiner
hans at guardianproject.info
Tue Aug 25 09:26:52 EDT 2015
Natanael:
> Den 25 aug 2015 14:40 skrev "Matej Kovacic" <matej.kovacic at owca.info>:
>>
>> Hi,
>>
>> sorry for off-topic, but I have a couple of questions for the members of
>> this list.
>>
>> I have came across some cases, where people claim they received a call
>> from an unknown foreign number. The did not respond (!) to the call and
>> did not call back (!).
>>
>> But they claim their phone somehow called back alone and created great
>> expenses to them.
>>
>> CDR record by the operator shows there in fact has been a call from
>> their phone, but those users claim they did not call by themselves.
>>
>> There is another case, when a mobile phone got stolen and after that
>> there was made a 200+ calls AT THE SAME TIME.
>>
>> Any idea how could this be possible?
>
> The phone network backends are hilariously insecure. The original calls are
> almost certainly just made to verify that the random number tested is real,
> to then spoof the origin. Somebody has access to a carrier's internal
> network to do this.
Yeah, the telephone system really was not built with general access in mind,
but instead thinking that only a limited number of employees would have
access. Things like the originating phone number are entirely unauthenticated
(like email). So, for example, if you have telecom access, you can make your
calls look like they are coming from any number.
.hc
--
PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81
More information about the guardian-dev
mailing list