How to reveal blocked caller ID info: a video guide to risky behavior
Let's say for some reason someone has his or her caller ID blocked and is calling you all the time. Let's then say you really want to know who that person is for, you know, whatever reason -- not that we'd know anything about that. Some crafty phreaker types have come up with a way to do this using an enterprise-spec Asterisk box and a SIP trunk provider. In a demonstration video, a hacker tweaks said Asterisk box with some new configurations to strip out privacy flags, forward the call to another number, and ultimately reveal caller ID information which, surprisingly, is still available. This isn't meant to be easy, but if the terms "prepend," "SIP trunk," and "Asterisk box" don't scare you away, go ahead and watch the video after the break. Big disclaimer: we're not responsible for your broken gear, jail time, or restraining orders.

Does this work for text messages? I get a lot of *67 texts..
If you do not want your phone number to be revealed, there is a service called Safercalls. I've personally used this service to call toll-free numbers. (creditors) I believe you can also forward calls internationally and block private callers like GrandCentral. Definitely a life saver.
Why is this a big deal? Telemarketers don't use blocked numbers, and who cares if they are private? What exactly are you afraid of if someone calls you with a blocked #?
What's even better is when you have Asterisk save their callerid information, so that every time a telemarketer calls you, you just forward the telemarketer to a random number on your list of callerids. Don't forget to put them into a conference room instead and monitor (Asterisk's recording application) the call, so you can listen to the sweet vengeance later. :-)
I personally feel it's a little ridiculous that Engadget would post something like this, and in turn promote the exploitation of a regulated system.... The methods used in this "how to" are not only a breach of personal privacy, they are likely illegal...
Sadly, I can report this is actually a functional method of "hacking" the privacy flags... And, working as a network technician for a telecommunications company, I can with full confidence say there is likely little that can be done to prevent this "hack" from being possible.
Wow job pride ftw i guess
I have a "blocked caller ID revealer, blocker".
From the makers of the "Trace Buster Buster"
http://www.youtube.com/watch?v=Iw3G80bplTg
KEVIN MITNICK MAH BOIIIIIIIIIIIIII
didn't anyone notice the book the two phones were sitting on??
it's an old MF tutorial :-)
surely someone else noticed this as well. that old KP+ST stood out like dogs ball to me :-)
Looks like someone at FlowRoute needs to read RFC 3325.
http://www.ietf.org/rfc/rfc3325.txt
Parties who wish to request the removal of P-Asserted-Identity header fields before they are transmitted to an element that is not trusted may add the "id" privacy token defined in this document to the Privacy header field. The Privacy header field is defined in [6]. If this token is present, proxies MUST remove all the P-Asserted-Identity header fields before forwarding messages to elements that are not trusted. If the Privacy header field value is set to "none" then the proxy MUST NOT remove the P-Asserted-Identity header fields.
The SIP Phone provider is supposed to strip out P-Asserted-ID before sending to the subscriber. If they did that there would be nothing to exploit.
But note that RFC 3325 is just a memo, not an internet standard. Even if you simply read the abstract of RFC 3325 you'll notice that it says:
"This document does NOT offer a general privacy or identity model suitable for use between different trust domains, or use in the Internet at large."
This has been discussed on the ietf mailing lists and you'll find that the notion of "trust domains" is very loose---it has to be for it to be meaningful on the internet. A voip call may pass through many separate trust domains along its path. As it seems flowroute is a wholesale service, their customers are arguably in their trust domain.
You can pick the RFC apart in many ways in regards to this story, but the bottom line is that it is only a memo anyway.
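The RFC 3325 rule quoted in the comments above, as an added example that is not part of the original post or its comments: a proxy-side function that removes every P-Asserted-Identity header field when the next hop is untrusted and the Privacy header carries the "id" token. The function names, the sample INVITE and the keep-by-default choice when no Privacy header is present are assumptions.

```python
import re

# Constructed sample INVITE (not a capture); numbers and hosts are placeholders.
SAMPLE_INVITE = (
    "INVITE sip:+15550100@subscriber.example SIP/2.0\r\n"
    'From: "Anonymous" <sip:anonymous@anonymous.invalid>;tag=1928\r\n'
    "To: <sip:+15550100@subscriber.example>\r\n"
    'P-Asserted-Identity: "Constructed Caller" <sip:+15550199@carrier.example>\r\n'
    "p-asserted-identity: <tel:+15550199>\r\n"
    "Privacy: id;critical\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)


def header_name(line):
    """Header field names are case-insensitive in SIP."""
    return line.partition(":")[0].strip().lower()


def privacy_tokens(header_lines):
    """Collect lower-cased priv-values from every Privacy header field."""
    tokens = set()
    for line in header_lines:
        if header_name(line) == "privacy":
            value = line.partition(":")[2]
            tokens.update(t.strip().lower() for t in value.split(";") if t.strip())
    return tokens


def forward_headers(message, next_hop_trusted):
    """Return the message as it should leave the proxy toward the next hop."""
    head, sep, body = message.partition("\r\n\r\n")
    # Unfold continuation lines so a folded header is removed as a whole.
    head = re.sub(r"\r\n[ \t]+", " ", head)
    start_line, *headers = head.split("\r\n")
    # Trusted next hop or no "id" token: nothing has to be stripped.
    # "none" means MUST NOT remove; with no Privacy header at all this
    # sketch keeps the field (an assumed local policy).
    if next_hop_trusted or "id" not in privacy_tokens(headers):
        return message
    kept = [h for h in headers if header_name(h) != "p-asserted-identity"]
    return "\r\n".join([start_line, *kept]) + sep + body
```

The unfolding step matters for the check itself: without it, the continuation line of a folded P-Asserted-Identity header would survive the filter and still carry the number.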
this is nothing new, it's been possible to anyone running asterisk, nice to see someone making the "how-to" available :-)
just a note, it's also possible to spoof caller IDs using asterisk (not sure if you can spoof from home, though), as I worked for a VOIP provider that used to call friends spoofing his phone as 911, the White House, and even as the person that he was calling (freaked out a guy that was like "who is this? this is my number! no, MY name is so-and-so...")
fun stuff
Funny, he's using my old phone and my new one