Details of Unlisted Number Address "Exploit" Revealed

Lauren Weinstein lauren at vortex.com
Thu Dec 20 07:32:18 PST 2007



            Details of Unlisted Number Address "Exploit" Revealed

                http://lauren.vortex.com/archive/000347.html


Greetings.  After due consideration, some expert advice, and since
the firm involved obviously feels that they're not doing anything
wrong (will everyone else agree?), I've decided to release the
details of the unlisted number to address lookup "exploit" I
outlined in "Psst! Wanna Know the Street Address for an Unlisted
Number?" ( http://lauren.vortex.com/archive/000346.html ) -- please
see that entry for the background on this situation.  This "exploit"
is still up and running as of a few minutes ago.

As noted previously, this technique is extremely successful at
revealing the street addresses for U.S. landline (non-mobile)
telephone numbers, including those aforementioned unlisted numbers.
The returned information isn't 100% accurate for all queries and
some numbers are missing -- I suspect stale data in certain
situations -- but it's very "good" overall.

Also, the full text of a response I received from the company's
(apparent) public relations firm is available for your perusal and
amusement ( http://lauren.vortex.com/acceller-rocket-response.txt ).

Calling this procedure an "exploit" is actually a misnomer as you'll
see, since it's simple and direct to access once you know where it
lives -- and even that is unfortunately relatively obvious, so it
seems very likely that it's already being used for "unintended"
purposes.  My hope is that broader knowledge of this matter may lead
to a more rapid resolution of the situation, since the firm chose
not to limit this data after I called their attention to the privacy
issues involved.

As you probably know, various large cable television and other
service firms (e.g. Time Warner, Comcast, etc.) offer an array of
Web-based offers via their Web sites.  The most typical means for a
new customer to query these sites about available offers at their
location is via their phone number.

And as it turns out, a major provider of back-end database and
related operations provides various functional aspects of many
related Web sites.  Enter a phone number at the Time Warner offers
site, for example, and it's likely to actually be processed by this
back-end service (sometimes in a quite obvious manner).

It is also apparently possible to make similar queries via voice
calls to a toll-free number at the back-end services firm's call
center, but I have not explored the non-Web aspects of this
operation in detail.

Rather than worry about the cable firms in this example (though we
could go through their sites as well when they link to this company)
we might as well go directly to the back-end operation that's
providing the information, since their own site apparently gives
access to exactly the same data.  Here we go ...

The company under discussion is Acceller, Inc., and you can visit
their services access page at:

 http://digitallanding.com

In the upper right-hand corner of the page, you'll find a "Search
For Offers" form where a phone number may be entered.  It's that
simple.  (Note: You may need to have cookies enabled for this to
work, and Internet Explorer may perform better than other browsers
in some cases for these queries.)

Enter a phone number, watch the bouncing ball for 10 seconds or so,
and then you stand an excellent chance of seeing a street address
revealed for U.S. non-mobile numbers (along with the various service
offerings available at that address, of course).

The "geniuses" who programmed that site probably won't be getting
any job offers from Google anytime soon.

The implementation error is serious and obvious.  The proper
procedure to avoid revealing private information about unlisted
numbers would be to have the user enter their address -- not reveal
it from the database based on phone number -- and then verify it yes
or no against the database (even this suggested technique has some
privacy issues, but they are relatively less serious and could be
minimized in various ways).  By taking the "helpful shortcut" of
revealing the address, the system is putting at risk -- for free and
unlimited access by anyone at any time -- the private address
information for unlisted numbers.

I'm afraid that's really all there is to it.  Simple, clean, and
neat, to be sure.  If you've been paying your local phone company
every month for an unlisted number and are upset by this situation,
I urge you to contact your telephone company, Acceller, and -- who
knows? -- perhaps even your legislative representatives might be
intrigued, among other persons and groups.

Unfortunately, this isn't the sort of Christmas present that most
people probably would wish for.  But it appears to be Acceller
that's doing all of the ho-ho-hoing.

--Lauren--
Lauren Weinstein
lauren at vortex.com or lauren at pfir.org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
  - People For Internet Responsibility - http://www.pfir.org
Co-Founder, NNSquad
  - Network Neutrality Squad - http://www.nnsquad.org
Founder, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com



-------------------------------------------
Archives: http://v2.listbox.com/member/archive/247/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE





More information about the cypherpunks-legacy mailing list