log of sent DTMF tones

Simon Busch morphis at gravedo.de
Sun Apr 8 21:03:55 CEST 2012

On 08.04.2012 14:11, Matthias Apitz wrote:
> Hello,
> I was testing something and used a toll free number of my local
> bank (because it is free and there is a voice and DTMF System menu
> to play around)... I was suprised seeing lines like this in 
> /var/log/fsogsmd.log:
> 2012-04-08T11:49:59.395616Z [INFO]  libfsotransport <0710:2>: SRC:
> "+VTS=#" -> [ "OK" ]
> The value of +VTS=x is the DTMF tone to send; the value x should
> not be logged, at least not in the INFO level; keep in mind that
> such DTMF tones often are used to send credentials, PIN or other
> secret information to the other side of a call. While it is
> technically nearly imposible to intercept them in the call, it is
> prety much easy to read them out of the log files of a (stolen or
> lost) phone.
> I will file a bug report in Trac for SHR.

Can you please file a bug report in FSO trac too and link it with the
SHR bug? This is something really related to the core of fsogsmd.


Simon Busch - http://mm.gravedo.de/blog/

More information about the community mailing list