What are the security implications of ANI / Caller ID spoofing?
Most of those relying on it do not realise how easy it is to spoof. Automated / manual verification systems such as used by credit card companies can be sent false information. Identity spoofing e.g. someone calls the mobile phone of a prominent employee in a company spoofing the caller id of a fellow worked who is in their address book. The name of the fellow worker shows up on the target’s phone screen, and due to the limited bandwidth (reduced quality) of calls over the cellular / mobile network the target does not realise (would you question the identity of a colleague?) who they are actually talking to. Most mobile / cellular phone providers offer an answer phone service which can be set to not require a pin when calling from the phone its self. Some of these services verify using ANI and can therefore be accessed by anyone spoofing the phones own number when calling the message centre.
