Bitphone, the “untraceable” voIP service

Let’s explain what makes the new Bitphone VoIP service, a perfect tool to perform some social engineering calls.

Bitphone is a new VoIP service, a perfect tool to perform some social engineering calls, but why?

Bitphone is like a Payphone, the only difference is that in this case you need to pay it with bitcoins (it accepts around 40 types of bitcoins), what helps the anonymity part.

To be able to use the service, there is no need to register, and you can pay your call by transferring bitcoins from your wallet, all this using a QR code transfer, and when you deal it will show up as an Arizona number.

If you register (not mandatory), there will be one major advantage, you can make show up whatever CLI you want when calling, meaning that you can call yourself and the CLI can even be your own number. You can also do conference calls with 2 people.

Yet about the registration part, there are no email checks about the owner of the email.

The calls are cheap (as many services now).

Bitphone is owned by Solidcloud.io and they say in their terms and conditions, that you must not use this service unlawfully.

There were cases in the past in the UK where regulators closed services that spoof CLI, but since this one is in the US there is no problem (let’s see until when).

Think like a crook and imagine the possibilities behind a service like this one.

About the Author Elsio Pinto

Edited by Pierluigi Paganini

(Security Affairs –  Bitphone,  VOIP)