
There is plenty of software which allows a user to input a recipient's information, and a fake originator's information, and the software will complete the caller ID spoof. I'm trying to understand why the telephony stack is so vulnerable to spoofers with regard to caller ID, and why offenders are so hard to catch.

I have minimal formal exposure to the telephony protocols. I have some understanding of how exploits can work. Most of my knowledge can be summed up in the following: "Surely the telephone system must work on some kind of standard, and surely the caller ID function must be at least a part of (if not defined in) that standard."

I'm not looking for step-by-step exploitation instructions, but more of an understanding of what kind of weakness (and in what protocol) makes this possible.

Anders
user3.1415927
  • *"... can I find __more__ ..."* suggests that you've already found some information but don't feel that these are enough or have enough detail. In this case it would make sense to include what you've found so far into your question so that answers will not include the things you already know and can focus on the new things. – Steffen Ullrich Dec 20 '17 at 15:47
  • Unfortunately, questions asking for lists or pointers to outside resources are off-topic. Have you looked at https://en.wikipedia.org/wiki/Caller_ID – schroeder Dec 21 '17 at 20:31
  • I have edited the question, trying to remove the off topic request for external resources and instead just asking for the answer here. – Anders Dec 21 '17 at 22:57

1 Answer


The simple answer is that this is not considered a vulnerability - the protocol stack is not designed to authenticate the caller.

From @schroeder's Wikipedia link on Caller ID:

Additionally, nothing ensures that the number sent by a switch is the actual number where the call originated; the telephone switch initiating the call may send any digit string desired as caller ID.

There are various implementations in place around the world, but even (or especially) in the more recent ones there is functionality to replace actual ID with another one.

The reasons behind this are almost entirely historical - back in the day the call was completed by a human operator physically connecting a cable between caller and receiver. No ID was required. If the operator needed to connect to another operator in a remote state or country, all they would need to inform the other operator is the receiver ID.

As that was modernised, and machines replaced human operators, the process was still the same - a connection was built based on the receiver ID, as the caller is already connected.

With the continuous move towards traffic being carried over IP rather than analogue lines, identifying information is becoming more available to telcos, so there will come a time when ID information should be available, but there still seems to be a business model for telcos to allow companies to pay for spoofed IDs, and as long as there is money in it - the service is unlikely to go away.

Rory Alsop