[ NNSquad ] The Rise of Caller-ID Spoofing

NNSquad - Network Neutrality Squad
NNSquad Home Page
NNSquad Mailing List Information

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] The Rise of Caller-ID Spoofing

To: nnsquad@nnsquad.org
Subject: [ NNSquad ] The Rise of Caller-ID Spoofing
From: Lauren Weinstein <lauren@vortex.com>
Date: Mon, 8 Feb 2010 10:10:37 -0800

The Rise of Caller-ID Spoofing

http://bit.ly/cZaVd9  (Huffington)

I've been publicly involved in CNID (Calling Number ID) debates since
before their deployment, and was one of the parties pushing for the
availability of caller-based per-call and per-line CNID blocking
options.

But it's one thing to block your number to the called party, and
something else to lie about it.  The CNID infrastructure was never
designed for access by untrusted parties, and the complex interactions
between CNID and ANI (Automatic Number Identification) -- which seem
to many observers like the same feature but actually are very different --
makes the environment even more complicated and subject to abuses.

Ironically, since CNID delivery is such a cash cow for the traditional
telcos, it's often a required element of most calling feature
packages.  AT&T is particuarly aggresive in this regard, structuring
their packages so that a single feature like call forwarding is
incredibly expensive relative to the basic cost of the access line,
and your only alternatives if you need that feature are even more
expensive packages loaded down with all manner of unwanted additional
features, always anchored to paying for CNID delivery.

As the article referenced above implies, CNID has been so diluted in
value by spoofing, that paying for it now is like paying to be abused
by spoofing callers, and woe to anyone who leaves their voicemail in
"no PIN required to play back messages" mode.  Note that the
traditional carriers who happily provide default PIN-less voicemail
access modes virtually never bother to tell customers how risky that is.

In stark contrast, Google Voice does have an option to permit PIN-less
access, but it is not enabled by default, and if you try to enable
that mode, you're presented with a straigtforward challenge dialogue:

     Really?? Removing your PIN might make it possible for somebody to
     fake your caller ID and get into your voicemail.

Bingo.  That's *exactly* how such an option should be presented if
it's going to be made available.

--Lauren--
NNSquad Moderator

Prev by Date: [ NNSquad ] Verizon drops traffic access to 4chan.org
Next by Date: [ NNSquad ] SourceForge removes blanket blocking
Previous by thread: [ NNSquad ] Verizon drops traffic access to 4chan.org
Next by thread: [ NNSquad ] SourceForge removes blanket blocking
Index(es):
- Date
- Thread