Sunday, 30 September 2018

Caller ID project - IEC we have a problem


~~This article is for awareness only, don't use it to gain information about other people~~

As part of my ongoing project about Caller ID I'm sharing this data.

The IEC (Israel Electric Company) is exposing the physical addresses of its clients, with or without the need for a spoofed call.
All the attacker needs to know is the phone number of the target, known or unknown.

He can then type it into the IVR system, where clients report problems.
As a result, the IVR system shares the address that is connected to this phone number.

Since most of us have electric power connected to our houses, and a bill to pay, it's really hard to prevent this, even in situations where privacy is important.

Calling the IEC is very simple:

Short number from Israel 103
Local and international:
+972(0)4-8187100
~~~~~~~~~~~~~~~~~~~~~
Exploit for address in Hebrew
Call from blocked number and then

 103;1;1;*;{target phone number},#;1

+972(0)4-8187100;1;1;*;{target phone number},#;1
~~~~~~~~~~~~~~~~~~~~~~
Exploit for address in English
Call from blocked number and then

 103;2;1;*;{client phone number},#;1

+972(0)4-8187100;2;1;*;{client phone number},#;1
~~~~~~~~~~~~~~~~~~~~~


The IEC is already in the loop, so I hope they will fix it sooner rather than later.

We must understand that our dependency on Caller ID is totally wrong, just like the lack of SSL in web services.

In this case study, a potential actor doesn't have to change the caller ID in order to get data, so it's a very good lesson in what to avoid.
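The lesson above as an added example (this is not IEC code and not code from this project): a flawed IVR lookup that reads the address back for any keyed-in number, next to a hardened one where the caller must supply account data and the IVR never speaks it. The customer records, the contract-number check, the lockout threshold and all function names are assumptions made for the illustration.

```python
import hmac

# Constructed records: phone numbers, contract numbers and addresses are made up.
CUSTOMERS = {
    "0500000001": {"contract": "345678901", "address": "1 Example St, Haifa"},
    "0500000002": {"contract": "987654321", "address": "2 Sample Rd, Tel Aviv"},
}
MAX_FAILURES = 3          # assumed lockout threshold per entered phone number
GENERIC = "We could not verify the details. Transferring you to an agent."
_failures = {}            # entered phone number -> failed attempts


def ivr_lookup_weak(entered_phone):
    """Flawed flow: reads back the address for whatever number is keyed in."""
    rec = CUSTOMERS.get(entered_phone)
    return f"Reporting a fault at {rec['address']}?" if rec else "Number not found."


def ivr_lookup_hardened(entered_phone, contract_last4):
    """Hardened flow: the caller supplies account data, the IVR never speaks it.

    Unknown numbers, wrong digits and locked-out numbers all get the same
    reply, so the prompt cannot be used to test which numbers are customers.
    """
    if _failures.get(entered_phone, 0) >= MAX_FAILURES:
        return GENERIC
    rec = CUSTOMERS.get(entered_phone)
    expected = rec["contract"][-4:] if rec else "----"
    ok = hmac.compare_digest(expected.encode(), contract_last4.encode())
    if rec and ok:
        _failures.pop(entered_phone, None)
        return "Fault report registered for your account."
    _failures[entered_phone] = _failures.get(entered_phone, 0) + 1
    return GENERIC


if __name__ == "__main__":
    print(ivr_lookup_weak("0500000001"))              # address disclosed
    print(ivr_lookup_hardened("0500000001", "8901"))  # verified, nothing disclosed
    print(ivr_lookup_hardened("0500000001", "1111"))  # generic reply
```

Neither function looks at the caller ID: the decision rests only on something the account holder knows, and the address never leaves the system.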

More information about the caller ID project will be shared here in my blog, or my Twitter account.




It seems that this problem came from an idea to provide better service to the clients.
