Sounds like an interesting title, right? Well, apparently it’s an issue that just brought the world of Hollywod closer to geekdom. However, Paris Hilton did not exactly have to know the inner workings of Asterisk to conduct her “hack attack.”
Last August, Paris allegedly spoofed fellow celeb Lindsay Lohan’s caller ID to retrieve the latter’s voice mail. She was also accused of hacking into about 50 other accounts. Or at the very least, someone who had used Paris Hilton’s name was being on a run of mischief.
It seems some mobile networks these days do not bother to ask customers to key in passwords or PINs to retrieve voicemail. All that a user needs to do is to call the network from his/her mobile phone, and the network will connect to the appropriate voice mailbox based on the number that registers on caller ID.
However, inexpensive prepaid services like SpoofCard.com lets users call a toll-free number, key in whatever number they want to appear on caller ID, and dial the desired destination number. This means users can also spoof those numbers, and retrieve the voicemail as if they were the owner of that number.
SpoofCard.com uses Asterisk to run its telephone network. The fake caller ID service provider says there are legitimate uses for its services. For instance, this could be very useful for employees who need to dial into their company telephone networks, but could only gain access if they call in from a number that is recognized being from within the corporate network.
Still, this just goes to show that Asterisk’s outbound caller ID can be misused.