log of sent DTMF tones, AT+VTS=

[gurucubano]

I was testing something and used a toll free number of my local bank (because it is free and there is a voice and DTMF System menu to play around)... I was suprised seeing lines like this in /var/log/fsogsmd.log:

2012-04-08T11:49:59.395616Z [INFO] libfsotransport <0710:2>: SRC: "+VTS=#" -> [ +"OK" ]

The value of +VTS=x is the DTMF tone to send; the value x should not be logged, at least not in the INFO level; keep in mind that such DTMF tones often are used to send credentials, PIN or other secret information to the other side of a call. While it is technically nearly imposible to intercept them in the call, it is prety much easy to read them out of the log files of a (stolen or lost) phone.

See also: ​http://trac.shr-project.org/trac/ticket/1922

[morphis]

Tested this and with todays libfsotransport everything is only printed in DEBUG log level. See below.

2012-05-04T12:17:24.469384Z [DEBUG] PhonesimModem <>: Created mediator FsoGsmCallSendDtmf
2012-05-04T12:17:24.469441Z [DEBUG] libfsotransport <127.0.0.1:3001 (fd 7)>: Attemping to write next command to transport; we have 1 commands pending!
2012-05-04T12:17:24.469466Z [DEBUG] libfsotransport <127.0.0.1:3001 (fd 7)>: Wrote '+VTS=1;+VTS=2;+VTS=3;+VTS=4'. Waiting (5s) for answer...
2012-05-04T12:17:24.469489Z [DEBUG] libfsotransport <127.0.0.1:3001 (fd 7)>: WriteCallback called with 31 bytes in buffer
2012-05-04T12:17:24.469536Z [DEBUG] libfsotransport <127.0.0.1:3001 (fd 7)>: WriteCallback wrote 31 bytes
2012-05-04T12:17:24.475257Z [DEBUG] libfsotransport <127.0.0.1:3001 (fd 7)>: SRC: "+VTS=1;+VTS=2;+VTS=3;+VTS=4" -> [ "OK" ]