יום רביעי, 10 באוקטובר 2018

IEC we have a problem - the telephone is sharing our address


~~This article is for awarness only, don't use it to gain information about other people~~~~

As part of my ongoing project about Caller ID I'm sharing this data.

The IEC (Israel Electric Company)  is exposing the physical address of the clients, with or without the needs of spoof call.
All the attacker needs to know is the phone number, known or unknown target.

Later, he can type it in the IVR system, where client can inform about problems.
As a results, the IVR system is sharing the address which is connected to this phone number.

Since most of us, have electric power connected to our houses, and bill to pay -  it's really hard to prevent it, even in situation when the privacy is important
Calling the IEC is very simple:

Short number from Israel 103
Local and international:
+972(0)4-8187100
~~~~~~~~~~~~~~~~~~~~~
Exploit for address in Hebrew
Call from blocked number and then

 103;1;1;*;{target phone number},#;1

+972(0)4-8187100;1;1;*;{target phone number},#;1
~~~~~~~~~~~~~~~~~~~~~~
Exploit for address in English
Call from blocked number and then

 103;2;1;*;{client phone number},#;1

+972(0)4-8187100;2;1;*;{client phone number},#;1
~~~~~~~~~~~~~~~~~~~~~


The IEC  already in the loop, so I hope they will fix it sooner then later.

We must understand that our dependency  on Caller ID is totaly worng, just like missing of SSL in web services.

In this case study,  potenial actor don't have to change the caller ID in order to get data, so it's very good lesson of what to avoid.

More information about the caller ID project will be shared here in my blog, or my Twitter account.




It seems that this problem came after an idea to make better service to the clients 

יום שלישי, 31 בדצמבר 2013

New telecom security for the world - Preventing telcom identity thieves

Recently I went to the parliament,I spoke there about the lack of security in the Telecom world

Some people think that's spoof caller ID and telecom identity thief is nothing important, but many people like you and me can protect ourselves

It's not right that's everyone can steal your phone number, and use it like one of him
I decided to do something about it

I'm calling you, by my own voice,please join the movement and help your country to protects itself from telecom identity thief

One law per one country can prevent most of the attack,a law which will stop faking calls between countries
After that's we will deal with the network in the country, but the law will be the tool,  law which will help telecom operators from being the tool which help identity thief to stealing your  telecom identity 

This is not one man show,this is global movement and I need people from every country to help

In the next links you can see what have I done in my country to prevent telecom identity thief from hacking into the  IVR system of the major Israeli parking service , breaking into gates using fake caller ID what one of the major newsletter Haaretz wrote about it, with deeply covered of my activity in the recent three years.

Since not everything is about media, you might check and see the Parliament in the Scinece Committee (10/12/2013) where I've spoke about it, in order to add into the Israeli law few line which will make the phone line secured then ever.

You have to understand that's any country can avoid people from stealing telecom identities, and with your help this presses can go foreword.

Join me Join us 
Together we will protect our identities

Yours 

Amitay Dan