log of sent DTMF tones
Simon Busch
morphis at gravedo.de
Sun Apr 8 21:03:55 CEST 2012
On 08.04.2012 14:11, Matthias Apitz wrote:
>
> Hello,
>
> I was testing something and used a toll free number of my local
> bank (because it is free and there is a voice and DTMF System menu
> to play around)... I was suprised seeing lines like this in
> /var/log/fsogsmd.log:
>
> 2012-04-08T11:49:59.395616Z [INFO] libfsotransport <0710:2>: SRC:
> "+VTS=#" -> [ "OK" ]
>
> The value of +VTS=x is the DTMF tone to send; the value x should
> not be logged, at least not in the INFO level; keep in mind that
> such DTMF tones often are used to send credentials, PIN or other
> secret information to the other side of a call. While it is
> technically nearly imposible to intercept them in the call, it is
> prety much easy to read them out of the log files of a (stolen or
> lost) phone.
>
> I will file a bug report in Trac for SHR.
Can you please file a bug report in FSO trac too and link it with the
SHR bug? This is something really related to the core of fsogsmd.
regards,
Simon
--
Simon Busch - http://mm.gravedo.de/blog/
More information about the community
mailing list