Submission + - BT flaw puts broadband users at risk (gnucitizen.org)
SecFreak writes: "A flaw in a DSL home gateway could lead broadband users inadvertently to divulge personal information, according to a group of self-styled ethical hackers.
In summary, if the victim visits our evil proof-of-concept webpage, his/her browser sends a HTTP request to the BT Home Hub's web interface. After this, the Home Hub starts a VoIP/telephone connection to the recipient's phone number specified in the exploit page. This is what the attack looks like: the victim's VoIP telephone starts ringing and shows an external call message on the LCD screen along with the recipient's phone number. However, what's interesting is that from the point of view of the victim, it looks like he/she is receiving a phone call from the number shown on the screen, but in fact he/she is calling that number!
http://www.gnucitizen.org/blog/call-jacking
http://www.pcworld.com/article/id,141587-c,onlinesecurity/article.html"