Why Is It So Easy to Spoof Caller ID


The telephony protocol permits owners of a local telephone exchange (any setting with many internal phones) to display a chosen number in the caller-id field. The intent was that outgoing calls would appear to come from the general number of the organization, rather than the individual who actually placed the outgoing call. Unfortunately, when this was designed, no thought was given to the possibility of (now widespread) abuse. One cannot completely blame the original designers: when they did their work, telephony was essentially a closed system controlled by a handful of large telephony companies. The rise of using the internet as a transport medium was not something they could have anticipated: there was no internet back then!

Not that this explains it, but IIRC, caller ID information is sent (or was, at one time with land lines) "out of band", in a particular data format, that occurs between the first and second rings.

IIRC, it's done using frequencies that either can't be heard (i.e., outside the freq response of the phone), or the sound is "switched off" between rings (quite possibly this, since the "ring" voltage is completely different from the "line-in-use" voltage - so this voltage change can be detected and switch the signaling as needed).

At any rate, it's a known thing, and if you understand how it works, it's possible (well, again, was - for land line phones) to build a box that can inject these signals between the rings so the phone being called will display it. Normally, this is done (IIRC) by the CO, but I think if the info is already there, it doesn't override it.

I might be completely wrong, though; it's been a couple of decades since I last read about how it worked; also, I have no idea how it works in cell-phone land, but likely it hasn't changed because "inertia" and having to support older land-line phones...

When you have an incoming call ringing on a landline, the ring signal is very much out of band - it's 48 volts, with enough current to drive a solenoid to move a mechanical hammer against a physical bell. (You do not want to be electrically in contact with a phone line when ring comes in!)

The caller ID information comes as a frequency-shift-keyed (FSK) message (I think). As you said, it's between the first and second rings. But you can't hear it, not just because it's not a normal audio tone, but also because the phone is still on hook and isn't playing any audio that comes over the line.

That's regular caller ID, which is type 1. Call waiting caller ID is type 2. It's also an FSK message. (That is, I'm sure that it's an FSK message. I think type 1 is also FSK, but I'm less certain of that.) This comes immediately after the call waiting "beep". It's short enough that I don't think your ear can pick it out of the transition from the beep tone to the regular conversation that the beep interrupted.

I'm not sure whether you could get fake caller ID that you send through a CO. The phone line isn't "off hook" yet, so the CO isn't passing audio. (If you say "hello" into the phone while it's ringing, I don't think that audio goes down the destination phone line either.) But that's only how I think it works; I don't know.
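The data message these comments describe can be decoded once it has been demodulated; the following parser is an added example, not code from the thread. It shows that the only protection on the frame is a checksum against line noise, so the receiving phone displays whatever number the frame carries. The frame layout (message type 0x80, the parameter codes, the modulo-256 checksum) is assumed from the commonly documented Bellcore MDMF format and is not stated in the thread; the sample frame is constructed, using the office number from the thread's example.

```python
# Added example: parse a demodulated Type 1 caller-ID frame (MDMF layout assumed).
PARAMS = {0x01: "datetime", 0x02: "number", 0x04: "number_absent",
          0x07: "name", 0x08: "name_absent"}


class CallerIdError(ValueError):
    """Raised when a frame is malformed or fails its checksum."""


def parse_mdmf(frame: bytes) -> dict:
    """Return the parameters of one MDMF frame as {name: ascii_text}."""
    if len(frame) < 3:
        raise CallerIdError("frame too short")
    msg_type, length = frame[0], frame[1]
    if msg_type != 0x80:
        raise CallerIdError(f"not an MDMF frame: type 0x{msg_type:02x}")
    if len(frame) != length + 3:  # type + length + body + checksum
        raise CallerIdError("length byte does not match frame size")
    # The only integrity check: all bytes, checksum included, sum to 0 mod 256.
    # It catches line noise; it says nothing about who composed the frame.
    if sum(frame) % 256 != 0:
        raise CallerIdError("bad checksum")
    fields, body, i = {}, frame[2:-1], 0
    while i < len(body):
        if i + 2 > len(body):
            raise CallerIdError("truncated parameter header")
        ptype, plen = body[i], body[i + 1]
        value = body[i + 2:i + 2 + plen]
        if len(value) != plen:
            raise CallerIdError("truncated parameter value")
        fields[PARAMS.get(ptype, f"param_0x{ptype:02x}")] = value.decode("ascii", "replace")
        i += 2 + plen
    return fields


# Constructed sample: date/time 04-30 12:15, number taken from the thread's example.
_body = b"\x80\x16" + b"\x01\x08" + b"04301215" + b"\x02\x0a" + b"6178675300"
SAMPLE = _body + bytes([-sum(_body) % 256])

if __name__ == "__main__":
    print(parse_mdmf(SAMPLE))
```

A frame that passes this parser is well-formed, not authenticated, which is why a displayed number cannot be treated as proof of who is calling.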

For legitimate outbound sales, I might be calling from 617-867-5309, but want my caller ID to always show up as the office main number (perhaps 617-867-5300). Or I might want to show my Google Voice (or Twilio or other) number as my number even if I happen to be returning your call from a specific line or phone.

As for felony life sentence, while I'm sure that's facetious for effect (and I chuckled), if you accept any of the above reasons, it seems you also need to allow for inadvertent misconfiguration. Once we broke up the telephony stranglehold (overall a good thing, I think), we allowed a bunch of federated phone systems to start working together, most of whom are good actors.


Source: https://news.ycombinator.com/item?id=19788225
