A cybersecurity expert explains how we might learn to trust our phones again
Last month the Federal Communications Commission announced it was ordering phone providers to block any calls coming from a known car warranty robocall scam, offering hope that U.S. phone users may hear that all-too-familiar automated voice a little less often.
Spam callers are changing the caller ID that shows up on your phone to a number that's close to you, and that's illegal.
The question to me is always "How come they can just change their number?" That seems kind of crazy, right? You place a phone call, your provider-AT&T, Verizon, whatever-knows your phone number.
The networks got more complex-a phone call will just come in, and nobody's checking to say, "Oh, wait, who is originating this call? Is it actually the same number?" It actually does have a purpose.
It adds a field when you're making a voice call that says, "I am this entity, and I have verified the caller ID." This allows anyone who's transmitting that request to look at that header message and say, "Okay, I can verify with cryptography that, yes, this actually is the originator."
Now the problem is if a call comes in from a VoIP provider overseas.
The FCC actually orders companies to block robocall scam calls.
What you'd probably use is some type of pattern detection based on: Where are these calls coming from? What's the number of times that people answer this call or not? How long are the durations of the calls? All these types of things [matter] as you try to identify as many different features as possible that separate good calls from bad calls.
You create fake numbers that you don't give out to anybody, so any phone calls to those numbers are unwanted.
If you're the phone company, you don't know what's going to be said when somebody answers that call.