There is plenty of software which allows a user to input a recipient's information, and a fake originator's information, and the software will complete the caller ID spoof. I'm trying to understand why the telephony stack is so vulnerable to spoofers with regard to caller ID, and why offenders are so hard to catch.
I have minimal formal exposure to the telephony protocols. I have some understanding of how exploits can work. Most of my knowledge can be summed up in the following: "Surely the telephone system must work on some kind of standard, and surely the caller ID function must be at least a part of (if not defined in) that standard."
I'm not looking for step-by-step exploitation instructions, but more of an understanding of what kind of weakness (and in what protocol) makes this possible.