Companies and ordinary people are using everyday Caller ID as a way to identified incoming calls, its easy and help us to communicate.
Spoof service, are helping other people to change the caller ID, so they can can the privacy, scam or get sensitive information about other people.
In this short report I would like to pinpoint the effect of this problem in Uber and Gett.
After the client is booking the service, a time frame is being opened and he can call to one of the numbers which the companies are using.
Doing that, allowing the passenger to speak with the driver, and gets information from him, ask where he is and be ready in time for pickup.
The numbers are good to be used for short amount of time, before and after the pickup.
Same system is being used for the drivers, so they won't be able to call directly to the passengers, and that's how the privacy system is being used normally this day all over the industry of taxi/carpooling etc.
However, since both of the companies are using caller ID as a way to give service, potential attacker can spoof the caller ID of his victim and then speak with drivers who are supposed to pick them up.
Next will be simple social engineering, so the attacker will know what is the location of the victim, where the pickup should be and more.
This is huge risk for privacy and personal security of passengers, and since the alternative will be sharing personal numbers with the drivers or passengers, the companies are tends to use middle numbers.
There are range of numbers which can be selected,
In Israel
Gett:+972559302174
Uber+972526231979
Extra information:
1.Example of the phone service while calling from hidden number.
2.Information about the logic being the calling service in Uber website
