1

I have gotten a number of calls where after I answer (I rarely answer, but occasionally a number pops up that could be from a customer) the caller hangs up. I'm assuming it was a robocall (the calls are not just ones from my local area code and exchange).

I got one of those calls a short time ago and began wondering what information is being sent by my phone to the caller. Almost immediately I got a little freaked out when I wondered if the caller could send spoofed caller ID messages that took advantage of a vulnerability in how my phone handles caller ID data.

I looked into the SDMF and MDMF formats and while they seem straightforward there are always potential holes waiting to be discovered.

I was thinking of malformed packets that could cause a buffer overrun or such like we see on IP links.

So the question is, are there any known hacks where people use a computer to send caller ID messages that open up the phone to attack or cause it to leak information apart from the normal name, address, etc.?

Tracy Cramer
  • 853
  • 5
  • 10
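The question mentions the SDMF and MDMF caller ID formats and worries about malformed length fields. The following is an added example (not code from the question or from either answer) of how a receiver can parse those messages without ever trusting a length byte it has not checked against the bytes actually received. It assumes the Bellcore layout: a type byte (0x04 for SDMF, 0x80 for MDMF), a length byte, the payload, and a final checksum byte chosen so the whole frame sums to zero modulo 256; MDMF payloads are tagged parameters (type, length, data) with 0x01 for date/time, 0x02 for the number, 0x04 for "number absent", 0x07 for the name and 0x08 for "name absent". The sample frames at the bottom are constructed here, not captured from a real line.

```python
"""Defensive parser for Bellcore SDMF/MDMF caller-ID frames (added example).

Every length field is validated against the bytes actually present before it
is used as an index, so a frame whose length bytes lie is rejected instead of
causing an out-of-bounds read.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

SDMF = 0x04  # Single Data Message Format: 8-char date/time then number
MDMF = 0x80  # Multiple Data Message Format: tagged (type, len, data) params

# MDMF parameter type codes
PARAM_DATETIME = 0x01
PARAM_NUMBER = 0x02
PARAM_NO_NUMBER = 0x04  # 'O' = out of area, 'P' = private
PARAM_NAME = 0x07
PARAM_NO_NAME = 0x08


class CallerIdError(ValueError):
    """Raised for any frame that fails structural validation."""


@dataclass
class CallerId:
    datetime: Optional[str] = None
    number: Optional[str] = None
    name: Optional[str] = None
    number_absent: Optional[str] = None
    name_absent: Optional[str] = None


def _printable(data: bytes) -> str:
    # Fields are plain ASCII text; anything else is rejected rather than
    # passed on to a display layer that might mishandle it.
    if not all(0x20 <= b <= 0x7E for b in data):
        raise CallerIdError("non-printable byte in text field")
    return data.decode("ascii")


def parse_caller_id(frame: bytes) -> CallerId:
    """Parse one frame: type, length, payload[length], checksum."""
    if len(frame) < 3:
        raise CallerIdError("frame too short")
    msg_type, length = frame[0], frame[1]
    # The declared length must match what was received, exactly.
    if len(frame) != 2 + length + 1:
        raise CallerIdError(f"length byte {length} does not match {len(frame) - 3} payload bytes")
    # Sum of all bytes including the checksum must be 0 mod 256.
    if sum(frame) % 256 != 0:
        raise CallerIdError("bad checksum")
    payload = frame[2:2 + length]
    cid = CallerId()

    if msg_type == SDMF:
        if len(payload) < 8:
            raise CallerIdError("SDMF payload shorter than date/time")
        cid.datetime = _printable(payload[:8])
        rest = _printable(payload[8:])
        if rest in ("O", "P"):
            cid.number_absent = rest
        else:
            cid.number = rest
        return cid

    if msg_type != MDMF:
        raise CallerIdError(f"unknown message type 0x{msg_type:02x}")

    pos = 0
    while pos < len(payload):
        if pos + 2 > len(payload):
            raise CallerIdError("truncated parameter header")
        ptype, plen = payload[pos], payload[pos + 1]
        end = pos + 2 + plen
        # A parameter may not claim bytes beyond the end of the payload.
        if end > len(payload):
            raise CallerIdError(f"parameter 0x{ptype:02x} length {plen} overruns message")
        data = payload[pos + 2:end]
        if ptype == PARAM_DATETIME:
            cid.datetime = _printable(data)
        elif ptype == PARAM_NUMBER:
            cid.number = _printable(data)
        elif ptype == PARAM_NAME:
            cid.name = _printable(data)
        elif ptype == PARAM_NO_NUMBER:
            cid.number_absent = _printable(data)
        elif ptype == PARAM_NO_NAME:
            cid.name_absent = _printable(data)
        # Unknown parameter types are skipped; their bytes are never interpreted.
        pos = end
    return cid


def safe_parse(frame: bytes) -> Tuple[Optional[CallerId], Optional[str]]:
    """Return (CallerId, None) on success or (None, reason) on a bad frame."""
    try:
        return parse_caller_id(frame), None
    except CallerIdError as exc:
        return None, str(exc)


def build_frame(msg_type: int, payload: bytes) -> bytes:
    # Test helper: wrap a payload with type, length and a valid checksum.
    body = bytes([msg_type, len(payload)]) + payload
    return body + bytes([(-sum(body)) % 256])


def _param(ptype: int, text: str) -> bytes:
    return bytes([ptype, len(text)]) + text.encode("ascii")


# Constructed samples (not captured from a real line).
GOOD_MDMF = build_frame(MDMF, _param(PARAM_DATETIME, "08031523")
                        + _param(PARAM_NUMBER, "5551234567")
                        + _param(PARAM_NAME, "EXAMPLE CALLER"))
GOOD_SDMF = build_frame(SDMF, b"08031523P")  # number withheld
# Malformed: the name parameter claims 64 bytes but only 5 follow.
BAD_MDMF = build_frame(MDMF, bytes([PARAM_NAME, 0x40]) + b"SHORT")

if __name__ == "__main__":
    for label, frame in (("MDMF", GOOD_MDMF), ("SDMF", GOOD_SDMF), ("bad", BAD_MDMF)):
        print(label, safe_parse(frame))
```

The three checks that matter for the buffer-overrun concern are the outer length-versus-received comparison, the per-parameter `end > len(payload)` test, and the refusal to interpret bytes of unknown parameter types; a firmware parser that skips any one of them is trusting data the caller controls.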

2 Answers

1

I don't know of any bugs that specifically exploit caller ID handlers, but there have been a handful of very severe vulnerabilities that could be triggered simply by sending an SMS. An example was Stagefright, which exploited SMS messages with MMS attachments. It required no user interaction. Yes, more exist that are unpatched (that's true of all software), but it's not something you need to worry about coming from mere robocallers. If they are discovered publicly, they will likely be patched quickly.

forest
  • 64,616
  • 20
  • 206
  • 257
  • The Stagefright vulnerability was not about MMS; that was only a PoC noted by mass media. Opening a file with an exploit in some browsers, or any other app passing it to libstagefright, will trigger the exploit too. For example, opening that file in a gallery, or even opening the directory containing that file in some file managers, triggers the exploit too. – KOLANICH Aug 03 '19 at 08:44
  • @KOLANICH You're right, but it's an example of a vulnerability that could be exploited simply by getting an SMS, even if there are other ways to exploit it. – forest Aug 03 '19 at 08:45
  • So it largely depends on the features built into the protocols used for telephony, particularly the Caller ID feature. I am not familiar with them. But I remember that the feature was present when there were no phones with multimedia capabilities, so it may be possible to reduce the attack surface to only the very basic text-based features. Though it would likely require a custom firmware. – KOLANICH Aug 03 '19 at 08:50
0

Caller ID can be sent over SIP connections and is then rendered as caller-id at the destination POTS gateway, but no verification is done on the caller-id data, so basically anyone calling you from a SIP source (e.g., some Indian malicious call center) can spoof any caller id they want.

Spoofing caller-id may or may not be illegal, but their main game, fraud, certainly is; they obviously are prepared to flout the law.

So far as I know the limit of caller-id exploits is social engineering, i.e. to get the called party to react in a certain way.

If caller-id supports UTF-8 it may be possible to send DoS attacks via caller-id against the next device found to have a unicode exploit (historically it's an iPhone), but why? Text or Twitter is easier.

Jasen
  • 834
  • 5
  • 8