Wednesday, January 2, 2008

Worldwide free calls through a security breach

I got a tip about four free phone gateways in a European country. They let you call almost every fixed or mobile phone number in the world at no charge. "The gateways haven't a pin authentication, so the minimum security rules aren't respected", says the tipster. "If you test it will you see also caller ID is forwarded. A real good service." Oh yes, I understand the guy's enthusiasm. People love free phone calls.

So these four numbers could be the ultimate callthrough solution, the new Yak4ever. If it only wasn't illegal. That's why I don't publish them. The tipster even sent detailed instructions on how to use these numbers. You just need free calls to that country, which you get for instance from Truphone or several Betamax companies. After the tone you type in the callee's number with international prefix, followed by the hash key (#), to be connected.

A poor company must have forgotten to take the most basic security measures. This security breach is said to be open for more than one year already, since December 2006. Which makes me wonder whether it's a bug or a feature. If a study from Stealth Communications is right then phreakers steal a staggering two hundred million minutes per month valuing around $26 million. No wonder if some companies make it so easy.


Just minutes after posting this blog entry I had a reader from Sindh, Karachi, Pakistan. I looked him up in my log files after getting his message: "Sir I am the regular reader of your forum, I want to make a free call to my relatives outside the country, Actually I am from a very poor family, Sir can you give me that 4 gateways number where i can call free to my relatives. plz".

Unfortunately that is not possible, although I still feel the giving spirit of Christmas. What's illegal is illegal. There is a not so thin red line between free phone calls from companies with loads of venture capital and plain theft.


  1. Markus,

    I have the same info but i didnt share it with the users. It will be day light robbery for the company, if we share this online. Especially when we have large reader base. This would be abused to a level we cant even think of.

    Its better to keep mum in this situation. I didnt even bother to post it on the blog.

  2. certainly you most also consider the possiblity that if you publish these numbers publically that it may lead to the security hole being quickly fixed and actually save this poor company some money over time.

    if it is being used only very little the company will likely never notice the additional calls. if published on an open forum like yours the hole will almost surely be fixed after the first billing cycle if not even much sooner.

    if you know who the number belong too than of course you can just contact them directly. but if not maybe publishing is not that bad of an idea.

  3. Vinay and the other commentator have two very oppositional standpoints on how to prevent an abuse of this security hole. One advocates to publish the numbers as an alert to the company and the other recommends to keep mum because it "would be abused to a level we cant even think of".

    Last year I heard of a company which lost €40K in just four days, only because someone sold their Asterisk passwords to a Baltic call center. So the publication of these numbers is no option.

    Unfortunately I also couldn't find out the company's name by looking up these numbers.


Note: Only a member of this blog may post a comment.