Caller-ID Spoofing

• Vulnerability:

• • Protocols are un-authorized and un-verified end-to-end
  • End-point supplied data is not challenged
  • Many automated systems use Caller-ID information to authenticate users

• Attack:

• • Initiate a call with falsified Caller-ID information

• Effect:

• • An attacker may appear to the called party as someone they are not
  • An attacker may be erroneously authenticated