[Full-disclosure] British Telecom remote landline hijack - NCR (No Crocodile-clips Required)

• Previous message: Martin Schulze: "[Full-disclosure] [SECURITY] [DSA 877-1] New gnump3d packages fix several vulnerabilities"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 28 Oct 2005 11:53:29 +0100
To: full-disclosure@lists.grok.org.uk

Overview
--------
British Telecom (BT) operates an automated fault detection and
reporting system that allows anyone to test any line. If the line is
found to be faulty the caller is given an option to divert all
incoming calls for that line to another number, including mobile
phones. No authentication is required and the owner of the line will
be oblivious to the fact that her calls are being hijacked.

Impact
------
An attacker who is either aware of a faulty line or in a position to
cause a fault on a line (e.g. by cutting/shorting it) is able to hijack all
incoming calls to that line without the owners knowledge or consent.
Whilst BT will have a log of the number to which the calls have been
diverted, in these days of mobile-phone vending machines, this
information is useless.

Workaround
----------
Switch to a telephone company that has a clue.

BT may work around this problem by employing more staff rather than
trying to save money by implementing buggy, tortuous, irritating, automated
systems.

Status
------
BT Engineers were notified.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

• Previous message: Martin Schulze: "[Full-disclosure] [SECURITY] [DSA 877-1] New gnump3d packages fix several vulnerabilities"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]