by IanCal
2804 days ago
Not really sure how these things work so this is an honest question: Why would they be receiving the tones once the connection is made? Isn't it the same as me just whistling at particular frequencies? I didn't think it was sent in a different manner. Or do you mean it goes through the carrier just like if you spoke your card number over the phone to someone?
1. In the regular audio stream (AKA in-band), so anyone who can listen to the phone call can also listen to these tones. These tones can be mapped to the digits pressed.
2. In a separate RTP payload (AKA out-of-band) so not everyone can read / listen to this stream of signals / tones. RFC 4733 (earlier it was RFC 2833) specifies the format of this RTP payload. This is what the payment via phone systems might be using.
There is a secure RTP with encryption support, but I am not sure if it can be implemented end-to-end to avoid anyone in the middle (not a man-in-the-middle attacker, but a genuine carrier / network) seeing these DTMFs. Just unable to imagine how this works :)
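An added example, not part of the thread above: a minimal Python decoder for the RFC 4733 telephone-event payload, showing that out-of-band DTMF carried in plain (non-SRTP) RTP is a cleartext event code that any element on the media path can read. Payload type 101, the helper `make_packet` and the `SAMPLE` packets are assumptions constructed for illustration; the real payload type is whatever the endpoints negotiate in SDP.

```python
import struct

DTMF_KEYS = "0123456789*#ABCD"   # RFC 4733 event codes 0-15
TELEPHONE_EVENT_PT = 101         # assumption: dynamic payload type agreed in SDP

def parse_telephone_event(packet, payload_type=TELEPHONE_EVENT_PT):
    """Return (timestamp, key, end_flag, duration) or None if not a DTMF event."""
    if len(packet) < 12:
        return None
    b0, b1, _seq, timestamp, _ssrc = struct.unpack("!BBHII", packet[:12])
    if b0 >> 6 != 2 or (b1 & 0x7F) != payload_type:   # RTP v2, marker bit masked off
        return None
    offset = 12 + 4 * (b0 & 0x0F)                     # skip the CSRC list
    if b0 & 0x10:                                     # header extension present
        if len(packet) < offset + 4:
            return None
        ext_words = struct.unpack("!H", packet[offset + 2:offset + 4])[0]
        offset += 4 + 4 * ext_words
    payload = packet[offset:offset + 4]               # event | E,R,volume | duration
    if len(payload) < 4:
        return None
    event, flags, duration = struct.unpack("!BBH", payload)
    if event >= len(DTMF_KEYS):                       # not one of the 16 DTMF keys
        return None
    return timestamp, DTMF_KEYS[event], bool(flags & 0x80), duration

def digits_from_stream(packets, payload_type=TELEPHONE_EVENT_PT):
    """One key per press: updates and end-packet repeats share an RTP timestamp."""
    seen, keys = set(), []
    for pkt in packets:
        parsed = parse_telephone_event(pkt, payload_type)
        if parsed and parsed[0] not in seen:
            seen.add(parsed[0])
            keys.append(parsed[1])
    return "".join(keys)

def make_packet(seq, ts, event, end, duration, pt=TELEPHONE_EVENT_PT):
    """Build a constructed RTP packet (hypothetical helper for the sample data)."""
    header = struct.pack("!BBHII", 0x80, pt, seq, ts, 0x1234ABCD)
    return header + struct.pack("!BBH", event, (0x80 if end else 0) | 10, duration)

# Constructed sample stream: keys 4, 2, # with one ordinary audio packet mixed in.
SAMPLE = [
    make_packet(1, 8000, 4, False, 160), make_packet(2, 8000, 4, False, 320),
    make_packet(3, 8000, 4, True, 480), make_packet(4, 8000, 4, True, 480),
    make_packet(5, 16000, 2, True, 480),
    make_packet(6, 16160, 0, True, 0, pt=0),   # payload type 0 (PCMU audio), ignored
    make_packet(7, 24000, 11, True, 480),
]
```

With SRTP the same four payload bytes are encrypted, so this decoder only works for whoever holds the session keys.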