T 5.134 Lack of identification of communication partners
When using line switching telephony and when using VoIP, the caller can often be identified using his/her telephone number. The called party can then recognise the caller's number in the telephone display without having to take the telephone call. Integrated Services Digital Network (ISDN) offers the ability to use CLIP (Calling Line Identification Presentation) and COLP (Connected Line Identification Presentation) to transmit the telephone number to the called party's telephone. When using VoIP, this information can be determined using the caller ID. The general term for this function is "call number display".
The telephone number transmitted is also commonly used for authentication purposes. A commonly implemented example of this mechanism is a function enabling the users to listen to the messages on their answering machine without having to enter their PIN or password.
An attacker could assign any telephone number to a telephone by making changes to the switching telephone system, with this number then being transmitted to the called party. The attacker could therefore try to fake his/her identity to the called party (see T 5.42 Social Engineering).
Many telephones offer an incognito function. The caller can enable this function if he/she wants to prevent their own telephone number from being displayed on the telephone of the called party. The telephone number of the caller must still be transmitted, however, to establish the connection. The telephone exchange to which the telephone of the called party is connected decides if the telephone number will be transmitted to the called party based on this specification. By programming the telephone exchange accordingly, it could be configured to ignore the incognito function without the user knowing it.
In homogeneous VoIP networks in which telephone calls are only made via the data network, these problems do not occur in this form, since there is no incognito functionality available. In practice, though, homogeneous VoIP networks are very hard to find. Generally, the local network is connected to a corresponding gateway enabling communication with the users of other telephone systems. For this reason, the problems mentioned above may also occur in the route between the gateway and the telephone of the called party.
In the network used for VoIP telephony, the subscribers are identified based on their IP addresses (or MAC addresses). Port-based identification like in a line switching telephone system is not available with VoIP.
Similarly to with an email, the caller ID of the sender is transmitted in the signalling information to the recipient of a VoIP call regardless of the sender IP address. The caller ID can be forged just as easily as the sender address of an email. In turn, a forged caller ID may cause the recipient to draw false conclusions regarding the identity of the sender. An attacker could therefore pretend to be another user and make a call to yet another user.
The called party could draw false conclusions regarding the identity of the sender due to the forged IP address.
Example:
- By manipulating the telephone system, the telephone number of the managing director of a large-scale company was transmitted by the telephone of an attacker. The attacker uses this manipulation to request certain internal information from an employee who does not know the managing director in person. As this employee thought the caller was the managing director due to the transmitted telephone number, the attacker was provided with all information requested.