News:

On Tuesday September 6th the forum will be down for maintenance from 9:30 PM to 11:59 PM PDT

Main Menu

Obi200 hack?

Started by RedRadish, December 20, 2017, 07:41:51 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

RedRadish

December 20, 2017, 07:41:51 AM
Came home last night to find our phone ringing off the hook. random numbers were calling our phone and leaving messages, irate about getting hang up calls from our number. Seems like our Obi200 box was hacked and being used to spam/make calls? It was so bad that there were over 20 messages on machine and GV. When people were leaving messages, i could hear the call waiting beeping.

I checked our gmail account associated with the Google Voice number, and changed the password.

Also changed password on firewall (using PFSense machine).

I unplugged the OBi box until i had time to explore. Has anyone else experience this type of hack?

Tks.

GPz1100

#1
December 20, 2017, 08:35:43 AM
There's a new trend in spam calls going around.  Caller ID is spoofed so the first 6 digits match your google voice #. Last 4 are unique.  These are generally robo calls or some other type of spam.  The party called tries calling back, but instead reaches the actual owner of that number (in this case you).

There's the X_BlockedCallers parameter, but i'm not sure if that will accept a partial number/wild card.  It does work with full 10 digit numbers.  Another parameter, X_InboundCallRoute, I believe uses digitmaps which can be configured to reject a certain pattern of numbers?  Digitmaps experts will likely chime in at some point.

drgeoff

#2
December 20, 2017, 08:35:50 AM Last Edit: December 20, 2017, 08:38:04 AM by drgeoff
Your OBi200 may not have been hacked.  Does your GV account show all those calls that were supposedly made from your number?  If not, someone has been spoofing your number.  Nothing you do on your OBi, even unplugging it will stop that.

If they do show on your GV account then check if they have been made from your OBi.  Dial ***1 and its IP address will be read out to you.  Put that in a browser and log in.  User is admin and password is admin if you have not changed that.  Click on Status and then on Call History.  If the 200 call history covers the time of the supposed calls from your number but does not have them, then they were not made from or via your OBi.

GPz1100

#3
December 20, 2017, 08:46:45 AM Last Edit: December 20, 2017, 09:08:37 AM by GPz1100
Take a look at this post, specifically the last line.

http://www.obitalk.com/forum/index.php?topic=7346.msg46906#msg46906


X_InboundCallRoute:
{(x|xx|xxx|xxxx|xxxx|xxxxxx|un@@.):}

If I'm interpreting that correctly, numbers matching that pattern just get dropped?

Say your gv # is 1112226789 so the entry would look like this

{(1111222xxxx):},{ph}

Edit:  Just tested, seems parenthesis were needed.  Also note the leading 1 as calls come in with 1+{10 digit number}.

This will effectively redirect all matching calls to nowhere. After 25 seconds google voice will intercept the call allowing the caller to leave a message.

RedRadish

#4
December 20, 2017, 10:01:48 AM
Yeah. I think it could have been spoofed. However, when i unplugged my obi box, the messages slowed down in my GV account. Today only had one.

Seems like my number was testing numbers to see if they were valid, and hanging up. I get these calls all the time on my cell phone. It is bad if they are spoofing numbers since we will be blacklisted and then our calls will be blocked.

This has really gotten so out of control.

I will try the suggestions when i get home to log into box.

GPz1100

#5
December 20, 2017, 10:13:20 AM
Agreed.  I get these on the cell phone periodically.  Not enough to install a call blocking app yet.  I don't know of anyone with a matching first 6 digits to my gv #.  When such calls do come into the cell I just reject them.  It would be nice if GV offered more customization to call filtering.  In fact, even their spam filter still allows spam through - callcentric blocks many calls that fall through gv's filtering cracks.

RedRadish

#6
December 20, 2017, 10:32:24 AM
found this on google:

Your number has been spoofed. http://en.wikipedia.org/wiki/Caller_ID_spoofing

It isn't Google that failed, it is the Caller ID service that has been compromised illegally by the person that is spoofing your number.

Google doesn't own or operate the Caller ID service

The Caller ID service, however, is susceptible to fraud.  Using a practice known as "caller ID spoofing," callers can deliberately falsify the telephone number and/or name relayed as the Caller ID information to disguise the identity of the calling party.

There is nothing Google can do because this isn't a problem caused by the network or the phone.

Spoofing is a crime as it violates the 2010 Truth In Caller ID Act. You can try to track down the source yourself, but it's an intense task and usually doesn't lead to enough information to get police involved.
More information on stopping and reporting "spoofing" is available at http://www.fcc.gov/guides/caller-id-and-spoofing

RedRadish

#7
December 20, 2017, 12:23:19 PM
I reported it to FCC. See what that does. Probably not much...
Print
Go Up Pages1
User actions