log of sent DTMF tones

Matthias Apitz guru at unixarea.de
Sun Apr 8 14:11:34 CEST 2012


I was testing something and used a toll free number of my local bank
(because it is free and there is a voice and DTMF System menu to play
around)... I was suprised seeing lines like this in

2012-04-08T11:49:59.395616Z [INFO]  libfsotransport <0710:2>: SRC: "+VTS=#" -> [ "OK" ]

The value of +VTS=x is the DTMF tone to send; the value x should not be logged,
at least not in the INFO level; keep in mind that such DTMF tones often
are used to send credentials, PIN or other secret information to the
other side of a call. While it is technically nearly imposible to
intercept them in the call, it is prety much easy to read them out of
the log files of a (stolen or lost) phone.

I will file a bug report in Trac for SHR.


Matthias Apitz
t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211
e <guru at unixarea.de> - w http://www.unixarea.de/
UNIX since V7 on PDP-11 | UNIX on mainframe since ESER 1055 (IBM /370)
UNIX on x86 since SVR4.2 UnixWare 2.1.2 | FreeBSD since 2.2.5

More information about the community mailing list