Hello, And Please Don’t Hang Up: The Scourge of Robocalls November 12, 2018
News

Over the last few months, I’ve noticed extra calls coming in from local numbers, and if you live in the US, I suspect maybe you have too. These calls are either just dead air, or recordings that start with “Please don’t hang up.” Out of curiosity, I’ve called back on the number the call claims to be from. Each time, the message is that this number has been disconnected and is no longer in service. This sounds like the plot of a budget horror movie, how am I being called from a disconnected number? Rather than a phantom in the wires, this is robocalling, combined with caller ID spoofing.

Automated phone switching is an impressive beast. The story often told is that Kansas City had two undertakers in the late 1800s. The town’s telephone operator was married to one of the undertakers, and she would routinely send business to her husband. The other undertaker was [Almon Brown Strowger], and once he caught on to what was going on, he started working on a way to route phone calls without going through an operator. His invention eventually became the rotary dial phone and switching system. There is some irony that the automatically switched telephone network was invented to defeat fraud, and today it’s also used to commit fraud.

Number Spoofing is a Side Effect of the Ma Bell Breakup

At Hope XII, [TProphet] gave a talk about robocalling and the history of the phone system. He talked about the breakup of AT&T and the associated government regulation, and how those two events have had unintended consequences today, like enabling caller ID spoofing and robocalling. Part of the agreement between the U.S. Government and AT&T is that all calls would be accepted, even calls from competing providers. The downside is that this regulation then legally prevented AT&T from blocking phone calls even when those calls are known to be spoofed or spam.

Signalling System 7 (SS7) was designed in the 1970s, and has become the international standard for routing phone calls. This standard was written in a time when network security was an afterthought: SS7 has no authentication built in, simply accepting all traffic on the “secure” phone network. Regulated network interconnection was baked into the SS7 protocol, and a side effect is that the source phone number is trusted by design. Caller ID spoofing is the result of this protocol and the regulatory requirement that telephone companies (telcos) complete all calls from competitors.

[TProphet] didn’t mention the legitimate reason for caller ID Spoofing. Your humble author spoofs the caller ID of his office phone. Why? An Asterisked phone system (running off a Raspberry Pi) connects to both a Plain Old Telephone System (POTS) line as well as a VoIP trunk. Incoming calls to the phone number, as well as outgoing local calls, go over the POTS line. Long distance outgoing calls go over the VoIP trunk, as the per minute rates are significantly better. In Asterisk, when routing the outgoing call, there is a …read more

Source:: Hackaday