SHAKEN Protocol Will Stop Scammers from Exploiting a Caller ID Loophole

Home , Robocall

How to Shut Down Robocallers The STIR/ SHAKEN protocol will stop scammers from exploiting By JIM a caller ID McEACHERN & ERIC loophole BURGER

ave you ever received a phone call from your own number? If so, you’ve expe- rienced one of the favorite techniques of phone scammers. • Scammers can “spoof” numbers, making it seem as though the phone call in question is coming from a local number—which can include your own—thereby obscuring the call’s true origin. If you answer the call, you’ll most likely be treated to the sound of a robotic voice trying to trick you into parting with some money. • One of us (McEachern) is a principal technologist for the standards organization Alliance for Telecommunications Industry Solutions (ATIS), and the other (Burger) was until recently the chief technology officer for the U.S. Federal Communications Commission. But you don’t need us to tell you that robocalls are a pandemic. According to a report by the caller ID company Hiya, there were 85 billion robocalls globally in 2018. → H46 | DEC 2019 | SPECTRUM.IEEE.ORG PHOTOGRAPH BY Dan Saelinger GUTTER CREDIT GOES HERE GOES CREDIT GUTTER

PHOTOGRAPH BY Firstname Lastname SPECTRUM.IEEE.ORG | DEC 2019 | 47 Call for Directions CENTURY AT&T LINK LONG DISTANCE CALLING A FRIEND isn’t as simple as transmitting data from point A to point AT&T VERIZON B. Along the way, the call is routed through telephone infrastructure that may be operated by two, three, or more phone companies, or carriers. These routes are part of the reason it’s so time NODE consuming to identify the points where scammers CALLER’S VERIZON INTELIQUENT RECEIVER’S place their calls. PHONE LONG DISTANCE PHONE

RoboKiller, one company that has cre- Today, when you make a call, your If it all works out, robocalls could ated an anti-spam-call app, estimates phone company, or carrier, knows become as manageable as email spam. that Americans received 5.3 billion robo- whether or not you’re spoofing your num- You’ll be less likely to be tricked into calls in April 2019 alone, or nearly 4,000 ber to make it appear that the call is com- answering a scam call, and you’ll receive every second. And not only are scam calls ing from a different number. But what the far fewer in the first place. annoying, they’re costly. In 2018, phone company doesn’t know is if you’re allowed scams tricked Americans out of an esti- to spoof that number, nor does it have a Spoofing numbers isn’t new—it’s mated US $429 million. Sadly, these num- way to securely send that information to been possible for half a century. Tele- bers are on an upward trend. the carrier delivering the call to the person phone switching equipment known as Spoofing phone numbers is just one you’re calling (there are legitimate reasons private branch exchanges (PBXs), which way phone scammers trick their victims. why callers might spoof their numbers; many businesses use, preassign the num- Scammers are also very good at reading more on that in a moment). ber that will be displayed on the recipi- people, gaining their confidence, and The upshot is that when you see the ent’s phone when it receives a call from playing to their fears. But spoofing num- number of an incoming call, you have the business. There are legitimate rea- bers is an often-effective opening gam- no way of knowing if the number dis- sons for businesses to spoof numbers. bit. The first thing a spoofer has to do is played on your caller ID is legitimate or For example, they may want to display get someone to pick up the phone in the spoofed. STIR/SHAKEN will give phone a toll-free number for calls from the mar- first place, and people are more likely companies a secure method of commu- keting, sales, or service departments. to answer a call if they think it’s from a nicating a caller’s number to a recipient Women’s shelters are another example local number. So, preventing the abuse of when a call is placed. This capability is of the need to disguise numbers, as they call spoofing, along with making it much vital to establishing the caller’s reputation often replace the shelter’s actual number harder for anyone to place huge numbers so that scammers and other bad actors with a national number to avoid tipping of robocalls, are two of the most impor- can be reliably identified and blocked off a domestic abuser. tant challenges to reining in robocallers before you waste any time on the bogus The problem is not spoofing itself. The and scammers. call. And should an illegitimate robo- problem is that in the last decade or so, The telecommunications industry has call still get through, STIR/SHAKEN sim- three things have changed to create the been developing a network-based system plifies the process of tracing a call back mess we see today. that would meet both of these challenges. to its source. Hopefully, simpler trac- First, phone calls are a lot cheaper. In It goes by an unwieldy name: “Secure Tele- ing will make it feasible for law enforce- many countries nowadays, unlimited phone Identity Revisited/Signature-based ment agencies to prosecute scammers nationwide calling is standard in basic Handling of Asserted information using for illegal robocalling. The technology phone plans. Second, the Internet has toKENs.” Let’s just call it STIR/SHAKEN, will also securely provide information to reduced the costs of running a scam to which is a lot easier to remember. STIR/ call-blocking apps, allowing the apps to almost nothing. The PBX of choice for SHAKEN is a technique for providing more more accurately identify spam calls and fraudsters is an Internet-enabled I P-PBX reliable call-display information by clos- inform you with a notice such as “Spam to further lower the price per call. With ing a loophole that scammers exploit in likely” or “Unverified number” before the Internet, scammers don’t even

telephony infrastructure. you answer a call. have to be in the same country to place

48 | DEC 2019 | SPECTRUM.IEEE.ORG ILLUSTRATION BY Mark Montgomery robocalls, and they can use live agents the phone companies on each end of tocol’s flexibility made it easy for each in countries with low-cost labor. Third, a phone call. phone company to implement it in its anyone can place hundreds of calls per The Internet Engineering Task Force network. However, as a general rule, the minute with the small investment of an (IETF), which works on issues related to more flexible a protocol is, the more inexpensive PC, a hundred-dollar Voice secure telephone identity, began work likely it is that different implementations over Internet Protocol (VoIP) expansion on STIR in 2013. The IETF designed the won’t play well together. So when two card, free open-source software, and a STIR protocol to be very flexible. The different service providers implement few days of assembly. basic mechanism is a certificate issued the protocol on each of their networks, Put it all together and you have the rec- to authenticated callers. However, STIR a caller ID sent from one to the other ipe for a potentially lucrative business requires individuals to be proactive about might not make it through intact. The with very low risk. These scammers are authenticating themselves and managing task force’s goal was to create a precisely fundamentally playing a numbers game: their personal key, which confirms their defined subset (known as a profile) of While most people won’t answer their identity. STIR’s downside is that very few STIR, called SHAKEN. Because the task calls, a small percentage will, and some of people have the expertise to do either. The force specified the SHAKEN profile of the those people can be conned into sending good news is that STIR’s flexibility allows STIR protocol, you might see it referred money or revealing their bank account phone companies to implement it in their to as “STIR/SHAKEN.” information. Robocall scams are so cheap network with minimal hassle. SHAKEN starts with the information that even one success among hundreds In 2015, ATIS also began studying that the originating phone company— or thousands of calls can still make scam- mechanisms to reduce unwanted robo- the carrier—knows about the call. For mers money. The Internet can cheaply calls. A joint task force between ATIS example, mobile phones and residen- connect a U.S.-based IP-PBX making hun- and the SIP Forum, an industry associa- tial landlines transmit their phone num- dreds of calls per minute with call agents tion, built upon the IETF’s work on STIR. bers whenever they originate a call. For in another country to talk to any victims As it turned out, STIR’s extreme flex- businesses, where legitimate spoofing is who fall for the spoofed call. Meanwhile, ibility was a problem. Indeed, the pro- commonplace, the carrier also assigns the carrier has no way of know- to the call a unique key, called ing that this is an illegal robocall an “orig-id,” or origination identi- operation until unsuspecting vic- fier, in order to identify the busi- tims complain. Only after receiv- ness placing the call. In all cases, ing complaints is the carrier aware the carrier creates a digital sig- that it should trace back the calls nature using the available infor- and identify the illegal caller. mation and transmits it with the Before STIR/SHAKEN, individual call. The caller ID information is phone companies did not have all included within this digital signa- the information needed to iden- ture. The phone company com- tify and stop a scam, because it pleting the call verifies the digital often takes two or three compa- signature to confirm the infor- nies to complete a call. The last mation hasn’t been modified, company in the chain, which com- and then identifies the originat- pletes the scammer’s connection ing carrier. This last step allows to your phone, doesn’t know if the spoofed calls to be linked to their number has been illegally spoofed, source for call-blocking apps and so it can’t advise you to use cau- law enforcement. tion or ignore the call. The scam SHAKEN’s contribution is to emerges only when you answer take what the originating phone the call and discover that it isn’t company knows about the caller, really the tax collector on the other courtesy of the digital signature, end of the line. and classify that knowledge suc- cinctly. So one of the biggest chal- Despite the James Bond lenges the task force faced early theme, the STIR and SHAKEN on during SHAKEN’s develop- technologies don’t by themselves ment was deciding which infor- constitute a license to kill robo- mation was actually important. calls. Instead, the goal is simply Including too little information to communicate, securely and in in the classification would mean

real time, information between that important details would be

PHOTOGRAPH BY Dan Saelinger How STIR/SHAKEN Tracks Down a Scammer When a carrier rolls out STIR/SHAKEN, the only change its customers will notice is a message on their caller ID screens warning of a potential scam call. But there’s a lot more going on behind the scenes when a scammer places a robocall. Here’s how STIR/SHAKEN keeps everyone involved informed about whether a call is worth answering. 1. A scammer starts up the robocalling equipment and begins placing calls.

2. The scammer’s LEVEL 3 3. The carrier own carrier logs also assigns an ALERT: SCAMMER! each robocall’s “attestation level” entry point—the (A, B, or C) to the device used and its call based on what physical location— the carrier knows into the telephone about the caller. network.

Attestation A

Attestation B

Attestation C

4. The carrier encrypts this information and sends it through the 5. Using the assigned attestation level, and taking into account network, alongside the call itself, to the call receiver’s carrier. previous complaints about calls from the same network entry point, the carrier determines the caller’s reputation as a likely scammer.

FCC FCC

6a. The call recipient 6b. If the recipient answers a scam 7. The recipient’s carrier, and the authorities, can trace the call avoids picking up robocall, they can report the robocaller back to its origin using the entry point logged by the first carrier, a phone call from a to their carrier and the authorities. allowing for prosecution. probable scammer.

- 50 | DEC 2019 | SPECTRUM.IEEE.ORG ILLUSTRATION BY Mark Montgomery lost, such as the distinctions among indi- carry a lot of confidence about the call- are placed, SHAKEN makes it possible vidual businesses in a single building. Too er’s identification, but it can still be use- to confidently label a call as spam before much information would create clutter ful in tracing calls to quickly identify the it is answered. and make it more difficult to zero in on source of problems. the data that’s important. For example, Identifying a call as spam can happen One criticism of SHAKEN is that it you don’t need to know whether a caller only once a call is placed. This limita- cannot indicate whether a call is a scam is using a landline or a mobile phone tion highlights a key difference between based on whether or not the number is to determine whether they’re illegally phone calls and email, and helps explain legitimate. A call with “full attestation” spoofing a number. why we’ve had spam filters for years can potentially still be a scam. Fraud- The solution was a three-level system while SHAKEN is only now emerging sters can often gain access to fully ver- to categorize the essential information to help identify illegitimate voice calls. ified numbers for short windows of about the caller into levels of “attesta- Spam filters scan email before delivery time, and then vanish by the time any- tion” for the call. These attestation lev- to compare the content against known one realizes they’re using those phone els characterize a caller’s right to use a scams. These filters are not perfect, but numbers. That’s why SHAKEN has also particular number. Full attestation, also they’re good enough to hold email spam been designed to simplify the call trace- known as “A-attestation,” has several down to tolerable, if still slightly annoy- back process. requirements but provides the highest ing, levels. Traceback is exactly what it sounds level of confidence by the originating That’s not possible with a telephone like: It’s a process that begins with the carrier. The call originates on the car- call—it’s not really feasible to disclose the person receiving the call, tracing the call rier’s own network, as opposed to orig- content of a call before it’s connected. back through carriers to the person or inating from another carrier or a VoIP SHAKEN does the next best thing, by organization that made the call. In the provider. The carrier has also directly making it possible to easily track calls United States, the United States Telecom authenticated the caller and verified from the point where they physically Association currently leads an industry the caller’s right to use the number. This enter the network (more on that shortly) traceback initiative to identify the ori- way, SHAKEN still allows for legitimate and then establish a caller’s reputation. gin of illegal calls. Traceback is largely a number spoofing, but only if the car- Reputation is determined in large part process of scanning call-detail records rier knows the customer has the right by the level of attestation callers receive to correlate a call coming into carrier A to spoof that number. from carriers. Reputation is also deter- with a call going out from carrier B, and Partial attestation, or “B-attestation,” mined by connecting callers to their then repeating the process for as many indicates that the originating carrier can- orig-id, so that over time less-reputable carriers as necessary to reach the person not verify enough information about the callers may be identified by the number or business that placed the call. The pro- caller for the carrier to vouch that the of complaints made about that caller. If cess is now semiautomated, but it’s still a caller is using its assigned number. The the carrier knows a call is originating on complicated, multistep process. call still originates on the carrier’s net- its own network and the caller has the SHAKEN simplifies traceback, turn- work. The carrier still authenticates the right to use the number—and the car- ing it into a one-step process no matter caller but does not verify the customer’s rier has not received complaints about how many carriers have been involved right to use the number that’s being dis- that caller—then, generally speaking, in the call. The same digital signature played. It’s possible that the customer is the carrier can be more confident the that authenticates a call’s orig-id and using the number legitimately, but the caller is not a scammer. By being able attestation level identifies exactly where carrier hasn’t verified it. There are valid to identify less-reputable calls as they a problem call entered the network. This reasons why a customer might be using a number that hasn’t been verified. A business might have swapped carriers but kept its original toll-free number, Phone companies don’t always know for example. What Carriers everything about a call. STIR/SHAKEN uses levels of attestation so that carriers can Gateway attestation, or “C-attestation,” Know classify what they do know about each call. indicates the lowest level of confidence. The call starts on some other carri- A–ATTESTATION B–ATTESTATION C–ATTESTATION er’s network that hasn’t implemented Originates on carrier’s own Originates on carrier’s own Originates on some other SHAKEN. Because the carrier doesn’t network network network know the customer or whether it has Carrier has confirmed who Carrier has confirmed Carrier has NOT confirmed the right to use the number that is asso- the caller is who the caller is who the caller is ciated with the call, the carrier merely Carrier has verified Carrier has NOT verified Carrier has NOT verified identifies the call’s entry point into its caller’s right to use the caller’s right to use the caller’s right to use network. Gateway attestation may not phone number phone number the phone number

SPECTRUM.IEEE.ORG | DEC 2019 | 51 method simplifies the process of tracing nationally. That’s important because, illegal calls, and will enable authorities to as we’ve mentioned, scammers often The World’s Best investigate many more complaints in the place robocalls internationally using the same amount of time. In the United States, Internet. The task force that developed ROBOTS GUIDE for example, enforcement is handled by SHAKEN has already begun working on the Federal Trade Commission (FTC), expanding the protocol so that carriers the FCC, the FBI, and state and local law in one country can verify calls that have Is Here! enforcement. The agencies should have been digitally signed in another country. an easier time coordinating their efforts As robocalls are brought under control ROBOTS.IEEE.ORG with a simpler traceback tool. in the United States and Canada, illegal It’s also possible that a less-legitimate robocallers are likely to attack citizens carrier could be tempted to solicit ille- and businesses in other countries. gal robocalls. After all, the carrier would still be paid for the service by the caller. As you read this, calls are already Simpler tracebacks make it easier to spot being signed and verified across live net- a pattern if, for instance, one carrier is works by major carriers in the United hosting a lot of illegal robocalls. While States, with Canada following in 2020. So mainstream carriers have no interest in you can now relax, knowing you’ll never Sawyer Robot, Courtesy of Rethink hosting robocalls, SHAKEN removes the be bothered by a robocall again, right? Robotics, Inc. small temptation that fly-by-night carri- Unfortunately, SHAKEN can’t com- ers might have to make money by solic- pletely stop robocalls on its own. It’s a IEEE Spectrum’s new iting these callers. tool that can be used by call-blocking ROBOTS site features SHAKEN’s digital signatures also pro- apps to reduce the number of unwanted more than 200 robots vide hard evidence of the source of illegal calls. It will also help differentiate calls, making successful prosecution eas- between legitimate calls and illegal calls, from around the world. ier. In June, the FTC announced that the so users will be less likely to be taken in • Spin, swipe and tap to make agency had filed 145 cases to date against by scams. In addition, SHAKEN makes it robots move. illegal robocall operations. Of course, much faster and easier to find and sanc- • Read up-to-date robotics news. those 145 cases predate SHAKEN. It’s not tion illegal callers. • Rate robots and check their ranking. a large number, although the FCC, for its And it bears repeating that when • View photography, videos part, did go up against some big players, SHAKEN begins to reduce illegal calls, and technical specs. including one man, Adrian Abramovich, scammers won’t just give up. The indus- • Play Faceoff, an interactive who made over 100 million robocalls and try will need to be vigilant to understand question game. was fined US $120 million. SHAKEN won’t robocallers’ latest tricks for avoiding stop robocalls directly, but it will be an SHAKEN and will need to regularly important tool in identifying, locating, adjust the way the protocol is used to and prosecuting illegal robocallers and close the gap. those who support them at a far greater STIR/SHAKEN will make a difference. rate. Given time, SHAKEN should have Not overnight, but over time the num- a huge impact on how many robocalls ber of illegal robocalls scammers place, scammers can get away with, and how and the calls’ effectiveness, will decrease. many new actors attempt to start their The user experience will be like that of own scams. email spam. At one time, experts pre- That said, scammers are nothing if not dicted that email would become useless resourceful. They will find a new weak- because no one would be able to find the ness to exploit, just as they’ve exploited real email among all the spam. But the a loophole for call spoofing. When weak- industry deployed a variety of anti-spam nesses are discovered—and it is a question measures, and eventually the situation of when, not if—SHAKEN must be adjusted improved. Email spam didn’t go away quickly to patch the vulnerability. (you still have a spam folder, after all), Check out Robots.ieee.org SHAKEN is being deployed in the United but it has minimal impact. SHAKEN will on your desktop, tablet, States and Canada independently because provide the first step for a similar assault the current specifications consider only on unwanted robocalling. n or phone now! how the protocol operates within a single ↗ POST YOUR COMMENTS at https://spectrum.ieee.org/ country. It’s our hope to extend it inter- robocalls1219

52 | DEC 2019 | SPECTRUM.IEEE.ORG