EEVblog Electronics Community Forum
Products => Computers => Security => Topic started by: DrG on July 03, 2021, 01:43:59 pm
-
https://www.fcc.gov/call-authentication (https://www.fcc.gov/call-authentication)
https://www.cnn.com/2021/07/02/tech/robocall-prevention-stir-shaken/index.html (https://www.cnn.com/2021/07/02/tech/robocall-prevention-stir-shaken/index.html)
https://transnexus.com/whitepapers/stir-and-shaken-overview/ (https://transnexus.com/whitepapers/stir-and-shaken-overview/)
From what I gather, this is a certificate-based authentication system that will, later in Sept. (two years later for small wireless carriers), require blocking of spoofed caller-ID. Techniques to be able to do this are now required.
I notice that some carriers are already touting their part in the war against robocalls, e.g., https://www.verizon.com/business/products/contact-center-cx-solutions/voice-security/stir-shaken-caller-id-identification/ (https://www.verizon.com/business/products/contact-center-cx-solutions/voice-security/stir-shaken-caller-id-identification/)
Naturally, worries include, accidental or otherwise inaccurate blocking and missed blocking (leading to false authentication).
It will be interesting to see how this plays out.
-
Also interesting to watch how the SaaS messaging services navigate these requirements and how they ensure compliance. Recent interactions on the topic with Twilio (top tier provider) and Plivo (mid tier provider) have revealed these companies still have some work to do to get their act together.
-
I can't wait! I am so damned tired of spoofed caller-ID numbers that are not only in my area code, but also in my exchange. I once asked a sub-continental voice where he was located, since his phone number appeared to come from my block--like the police telling the baby-sitter that the evil call comes from inside the house.
-
I didn't read the article but let's just say that I'm skeptical. The FCC has NEVER been involved in regulating the telecommunications industry in the US. Telecommunications in the US has always been regulated through state agencies and the (completely in-effective) USG's FTC. IF the FCC is allowed to make rules, then it will be a fundamental shift in the regulatory authority of the Telecommunications Industry in the US.
The "spoofing" of phone numbers was originally allowed specifically so allow police in the US to make undercover phone calls without giving away the true origin of their phone calls. But since then the US phone companies have allowed anyone with money to do the same.
Even if the FCC makes rules, how are they going to enforce that on companies making spoof calls from outside of the US?
-
Telecommunications in the US has been assigned to the FCC since the Communications Act of 1934. States do not have the authority to regulate interstate commerce.
-
Even if the FCC makes rules, how are they going to enforce that on companies making spoof calls from outside of the US?
By fining the first company to route it inside the US border? If it's not signed and signals an US phone number it shouldn't be allowed to come into the country, problem solved. Run an ingress filter or get fined into oblivion.
-
Pretty sure the spammers here just use VoIP services with Australian dial-out numbers. They appear as Australian land-line or mobile numbers. This mechanism wouldn't block them.
-
Pretty sure the spammers here just use VoIP services with Australian dial-out numbers. They appear as Australian land-line or mobile numbers. This mechanism wouldn't block them.
If the VoIP service can't spoof and does business with scammers it will get blocked by carrier anti-spam services almost immediately assuming the carriers are allowed to offer them (which they are in the US AFAIK). Even if not, people will be instantly suspicious of unknown numbers which is why scammers try to use recipient area codes or worse. Spoofing is pretty much necessary for scam calls, people have gotten too suspicious.
-
I don't know if others are seeing the same, but recently I am noticing "verified" or (V) on caller ID tags. There has been a decrease in BS calls in the last week or two...at least I think so. Anybody noticing similar?
-
I haven't seen that in the US but to tell the truth I haven't gotten a legitimate call on a land line phone in months so I might have missed it. But FWIW I am still getting SCAMMER calls on those lines.
-
STIR/SHAKEN is a complex solution looking for a problem.
It MAY help a bit. The FCC used to very active in finding and fining tele-scum. I know I used to report things and get action. Then the sort of blew off consumer reports. Then the problem got big.
Like most government things, they created a committee to look at ways to stop the caller SPAM. Some very easy and quick things were put out, but they required the major Telecos to do work, they all got rejected and we got out of it STIR/SHAKEN.
Just cut off all inbound IP calls from a certain country, and the problem is solved. On, no, a lot of legit companies have call centers in the same cities as the scammers you say. Well, I say, too bad. They outsourced operations to get cheap labor, they also outsource their reputations. They can pull that back to some place that is not full of scammers or where they can be quickly reached by FCC the FCC and courts.
-
We are way, way past due for some kind of solution to this. I get probably 3-8 robocalls every single day, it has gotten so bad that I stopped answering my phone years ago for any numbers not in my contact list. It's also the reason I dumped my landline back around 2008, the only calls I was ever getting anymore were political robocalls. Spam calls have completely ruined the telephone as a means of communication.
-
We are way, way past due for some kind of solution to this. I get probably 3-8 robocalls every single day, it has gotten so bad that I stopped answering my phone years ago for any numbers not in my contact list. It's also the reason I dumped my landline back around 2008, the only calls I was ever getting anymore were political robocalls. Spam calls have completely ruined the telephone as a means of communication.
I hear ya. I get spam calls and messages every day asking me if I want to sell my house. It's really getting out of control. The T-Mobile spam blocker this evening says it blocked TEN calls from the same number in a matter of minutes.
-
I don't understand why the carriers seem reluctant to do something about this, it really makes their product a lot less appealing. At the very least there should be an option in every phone or every carrier to flat out not respond at all to any number not in the list, don't ring the phone at all, just go to voicemail and require a specific button or phrase to leave a message.
-
Even if the FCC makes rules, how are they going to enforce that on companies making spoof calls from outside of the US?
By fining the first company to route it inside the US border? If it's not signed and signals an US phone number it shouldn't be allowed to come into the country, problem solved. Run an ingress filter or get fined into oblivion.
Well, you were right in as far that the FCC didn't even think about closing the loophole ahead of time. But the FCC does seem to have the same level of common sense as me, just handle it at whoever brings the traffic inside the US.
https://arstechnica.com/tech-policy/2021/10/fcc-plans-to-rein-in-gateway-carriers-that-bring-foreign-robocalls-to-us/
-
I don't understand why the carriers seem reluctant to do something about this
AFAIK until recently they weren't even allowed to drop calls they thought were spam.
Most of them now seem to have spam blocking services and some even pass on the stir/shaken verification.
-
So far to my main phone, spam calls from spoofed phone numbers (often in my area code, even in my exchange) continue to get through.
When I call back to a "missed call" out of curiosity, the result is usually "the number you have dialed is not in service".
Just like with my old landline, the spam calls never ring more than four times. That was my filter years ago.
-
I don't know if others are seeing the same, but recently I am noticing "verified" or (V) on caller ID tags. There has been a decrease in BS calls in the last week or two...at least I think so. Anybody noticing similar?
I went and looked at the last 50 calls on my land line phone and four of them (all from close family members) show (V), and another one shows that it came from a local medical center but without a V so i don't know if it is legitimate or not. About 35 shows "Suspected Spam" and all of the others show as an unknown callers. So there does seem to be some progress in identifying the callers but not in automatically blocking them.
-
So far to my main phone, spam calls from spoofed phone numbers (often in my area code, even in my exchange) continue to get through.
When I call back to a "missed call" out of curiosity, the result is usually "the number you have dialed is not in service".
Just like with my old landline, the spam calls never ring more than four times. That was my filter years ago.
Those (the spoofed numbers) are the ones that I no longer get...at least so far. I'm always seeing the 'verified' or "V". I may get some without verification but have not noticed yet. The last point is something I am keeping my eye out for because I am thinking that the telcos will be reluctant to not pass through calls if there is a doubt about verification - at least at first.
Is your service provided by a large telco? Smaller ones have longer to comply and I am wondering if that is your situation or whether they have not yet implemented it or ?
-
So far to my main phone, spam calls from spoofed phone numbers (often in my area code, even in my exchange) continue to get through.
When I call back to a "missed call" out of curiosity, the result is usually "the number you have dialed is not in service".
Just like with my old landline, the spam calls never ring more than four times. That was my filter years ago.
The spoofed numbers in my exchange are funny, I don't know anyone whose number is in the same exchange, so rather than appearing to be someone I know, it is immediately obvious that it's probably a spoofed spam call.
The phone itself could easily reject calls from any number not in the contact list and send them straight to voicemail, but I don't believe that feature is there.
-
I have asked human operators with non-local accents from such calls if their office were next door to me, and they
did not understand, even when I explained myself.
-
The spoofed numbers in my exchange are funny, I don't know anyone whose number is in the same exchange, so rather than appearing to be someone I know, it is immediately obvious that it's probably a spoofed spam call.
The phone itself could easily reject calls from any number not in the contact list and send them straight to voicemail, but I don't believe that feature is there.
I do not send to voicemail. It identifies you are a live number.
I block anyone who I do not recognize. One of the biggest offenders is/was Charles Schwab. Its calls do/did not include a relevant caller ID. I blocked them. For some reason, it doesn't want to use email? Hmmm ... I wonder why? (So, far, it has complied, but not with any content. Basically, its emails ask me to contact it. Yes, I am considering changing, but there are some good aspects to it too.)
-
It goes to voicemail eventually no matter what. I don't care if they know it's a live number if none of those calls ever ring my phone.
-
I have asked human operators with non-local accents from such calls if their office were next door to me, and they
did not understand, even when I explained myself.
They don't know what number they're calling from. They're just low wage people hired to work in a sweatshop call center.
-
Yes, I know that. They still annoy me.
-
After just a few days, I am starting to see more unverified and, presumably, spoofed CID numbers. How to deal with these, apart from not answering, is the same old problem.
I took a look at some of the "spam blockers"; one of them says this:
Spam blocker will categorize and label nuisance calls into three categories based on level of risk. “High Risk” calls will be blocked, “Medium Risk” calls will be sent to voicemail, and “Low Risk” calls will ring through to your phone and show as “Spam?” on your Caller ID. You will have the ability to adjust these settings to meet your needs.
Given that there is no point in blocking a spoofed caller ID, it seems (I have a sneaky suspicion) like blocking based on adjustable rules is an unnecessary and ineffective approach. The whole STIR/SHAKEN protocol is to use a certificate based system to authenticate caller ID - no? This "spam blocking" approach appears to be ill-advised unless it is a tacit admission that the protocol is already a fail.
-
Losing access to all foreign based helpdesks isn't an option, FCC should have made it mandatory for any US signalling number, but baby steps. A little patience required.
-
I used to get spam from the same numbers over and over. I put them in contacts, made a group for them and gave the group a special ringtone.
Then I found koodo in Canada has some nice features. Callers who aren't in your list hear a number and have to enter it before they get through. Haven't had 1 spam call since I enabled that.
-
I'm sure the Direct Marketing Industry will get their way and whatever the law says it does, it will have the exact opposite effect, as always.
The things the politicians most want to stop these days are whistleblowers of various kinds, not spammers or even robo callers. . I didn't read the article but let's just say that I'm skeptical. The FCC has NEVER been involved in regulating the telecommunications industry in the US. Telecommunications in the US has always been regulated through state agencies and the (completely in-effective) USG's FTC. IF the FCC is allowed to make rules, then it will be a fundamental shift in the regulatory authority of the Telecommunications Industry in the US.
The "spoofing" of phone numbers was originally allowed specifically so allow police in the US to make undercover phone calls without giving away the true origin of their phone calls. But since then the US phone companies have allowed anyone with money to do the same.
Even if the FCC makes rules, how are they going to enforce that on companies making spoof calls from outside of the US?
The worst are calls pretending to be "Dealer Services" trying to get people to renew automobile extended warantees. Its annoying.
Whatever happeed to the opt out rule where people could opt out of all telemarketing. (without giving them all your info so they could target you.)
-
You know what's really annoying, I just got a new number for a business line and it gets way more junk calls than my old number that I've had for 15 - 20 years. And I haven't given it to anyone yet!
-
That suggests that the spam callers are randomly dialing 7-digit numbers in search of prey.
Otherwise, could they have access to a database of newly-issued phone numbers? I don't believe that is in the public domain.
Years ago, with a landline, I made a practice of never picking up before four complete rings. With my current home cell phone, I find that the suspicious calls are predictably ringing for 3.5 ring cycles, hanging up before the fourth ring completes.
-
That suggests that the spam callers are randomly dialing 7-digit numbers in search of prey.
Otherwise, could they have access to a database of newly-issued phone numbers? I don't believe that is in the public domain.
Years ago, with a landline, I made a practice of never picking up before four complete rings. With my current home cell phone, I find that the suspicious calls are predictably ringing for 3.5 ring cycles, hanging up before the fourth ring completes.
My guess is the number has been recycled. Whoever had it before me was not as protective of it as I have been with my personal number.
I wish suspicious calls hung up that early out here. For me they leave a voicemail, often blank, either way, I have to go into my voicemail to delete it.
-
Being retired and having time on my hands, I would often call the "missed call" number (which was almost always spoofed) and get the telco announcement "The number you have called is not in service". Very rarely, the actual phone number was actually in service for an innocent account holder, who was surprised to hear from me. I found it amusing that the spoofed phone number is often not only in my 3-digit area code, but also in my 3-digit exchange, implying that the "Federal Reserve legal department" office or "Medicare benefits office" is in my neighborhood.
-
This will not help, according to the following video.
Video says this only applies to large phone companies (for two years), so the robocallers will just switch to small phone companies.
I don't know, just passing along information. :-//
Another Robocaller False Alarm!
https://www.youtube.com/watch?v=v95lfHOzGbw (https://www.youtube.com/watch?v=v95lfHOzGbw)
-
I don't understand why the carriers seem reluctant to do something about this, it really makes their product a lot less appealing.
If you're of a certain age, you might remember the SNL sketch with Lily Tomlin playing an AT&T operator who tells the truth:
"We don't care. We don't have to. We're the phone company."
-
I found it amusing that the spoofed phone number is often not only in my 3-digit area code, but also in my 3-digit exchange, implying that the "Federal Reserve legal department" office or "Medicare benefits office" is in my neighborhood.
Apparently, the Federal Reserve Legal Department calls people from cell phones!
-
I don't understand why the carriers seem reluctant to do something about this, it really makes their product a lot less appealing.
If you're of a certain age, you might remember the SNL sketch with Lily Tomlin playing an AT&T operator who tells the truth:
"We don't care. We don't have to. We're the phone company."
Those of us even older remember when Lily Tomlin started her character Ernestine the telephone company operator on "Rowan and Martin's Laugh In" (1967 to 1973). "And as a special favor, I'm enclosing our three-color brochure on phone etiquette. You might find it useful."
-
If you're of a certain age, you might remember the SNL sketch with Lily Tomlin playing an AT&T operator who tells the truth:
"We don't care. We don't have to. We're the phone company."
But there isn't just one phone company anymore, there are loads of them to choose from. Used to be they really didn't have to care, they had a total monopoly. That isn't the case anymore.
-
Technically, there were more telephone companies back then, but AT&T absolutely dominated the market before it was broken up. In the 1967 film “The President’s Analyst” with James Coburn, the most insidious of the secret agencies is TPC (The Telephone Company), worse than the CEA and FBR.
-
Video says this only applies to large phone companies (for two years), so the robocallers will just switch to small phone companies.
It's in flux, there's a proposal to limit the exemption and exclude "small carriers" which don't have a couple huge (robocaller) customers to june next year.
-
Being retired and having time on my hands, I would often call the "missed call" number (which was almost always spoofed) and get the telco announcement "The number you have called is not in service". Very rarely, the actual phone number was actually in service for an innocent account holder, who was surprised to hear from me. I found it amusing that the spoofed phone number is often not only in my 3-digit area code, but also in my 3-digit exchange, implying that the "Federal Reserve legal department" office or "Medicare benefits office" is in my neighborhood.
I've heard more than once of people getting irate calls from strangers accusing them of calling them with scams. Unfortunately what has happened is the randomly generated number some scammer used happens to be the actual phone number of some poor sap who has no knowledge of their number being used for this.
-
....
I don't know, just passing along information. :-//
Another Robocaller False Alarm!
I watched the video. I see no valuable new information. The links in the OP give the story in a much cleaner fashion. As has already been noted, it is a dynamic situation.
The approach of screaming; it is just a FALSE ALARM, it won't work and, they could fix it if they wanted to ....is not valuable information to me - it is simple venting. Did I miss the grand proposal revealed in that video? You know, the one that would fix the problem?
-
I've heard more than once of people getting irate calls from strangers accusing them of calling them with scams. Unfortunately what has happened is the randomly generated number some scammer used happens to be the actual phone number of some poor sap who has no knowledge of their number being used for this.
Happens also over here. Despite local regulations enforce correct caller IDs for call centers, telcos don't check the IDs of calls originated in other countries. A while ago some Indian call enter tried to scam me and they have set their caller ID to a different German number each time they called. AFAIK, it would easy for telcos to overwrite the fake caller ID with the correct line number as they receive also the line number from the originating telco for billing reasons. For a legitimate custom caller ID, like a local toll-free number for a call center outside the country, they could implement some registration process to allow the custom ID.
-
A while ago some Indian call enter tried to scam me and they have set their caller ID to a different German number each time they called.
If it's a real caller, just put the phone up to the smoke alarm and press the button. Or better yet, perhaps someone can figure out what bit sequence decodes to the loudest possible sound and write an app to blast the scammers?
-
If it's a real caller, just put the phone up to the smoke alarm and press the button. Or better yet, perhaps someone can figure out what bit sequence decodes to the loudest possible sound and write an app to blast the scammers?
When I took their first call I cursed them in Hindi. ;D hint: search for "bad words in Hindi"
The idea with the loud sound might work also. But I would implement it in my VoIP PBX.