The
Caller ID Buffer is the
memory area in a caller ID unit which stores caller information for past calls. Current semiconductor technology dictates that it can only hold a
finite amount of caller ID data, and cost saving measures dictate that it must be a very small amount of memory. typical caller ID units store information on the last 10, 50, or 100 calls.
A
buffer overflow is when a memory or storage buffer has more data coming in than going out. When it finally reaches its limit, it must lose data - sometimes it simply drops incoming data, but most often it overwrites the oldest data with the new incoming data.
In a caller ID, this means that if you do not erase caller ID information once you've reviewed it (or if you never review it) then it will simply form a loop of the last X calls, X being the number of calls it can hold it its finite and small memory.
Caller ID Buffer Overflow Exploit - when the attacker calls repeatedly so as to overwrite the entire buffer with new, and often redundant, data.
Fortunately,
smart Caller ID devices simply count the number of times a single number has called
sequentially and stores that.
So a caller ID log would be:
Joe Black - (010) 733-3373 - 320 calls - last
day and
time
Phineous Gray - (010) 734-9924 - 1 call - day and time
etc.
Such ID units typically have enough
memory to store 50 or more past calls. The
limitation here is that a
potential buffer-overflow artist need only posess two
phone numbers, dialing alternately, to run out the buffer.
The upside to all of this is that there
are things you can do about this. You can complain to the authorities (since you have the number) about
harrassment. You can use a computer to track the Caller ID, and store
practically an infinite number of calls. You can ignore Caller ID altogether. Surprisingly, people were still able to use the phone system effectively
even before answering machines nevermind caller id.