Is it possible to design a phone system that would prevent spoofing?

I’ve been getting a deluge of spam calls with various phone numbers starting with the same 3 digits as my phone number (or same starting 6 digits if you include area code), which I assume are spoofed numbers. It made me wonder if there was any way to design a system where caller ID could not be spoofed - is it plausible to have the equivalent of SSL certificates for websites for phone numbers? Would this require any sort of massive upgrade to our phone infrastructure, or change how phones fundamentally work?

Seems like it would be completely possible - perhaps difficult to retrofit to our existing systems and networks, but if you were designing from scratch, yes, a certificated system of trust would be absolutely possible.

I can’t imagine why it could not have been designed this way in the first place and I think it’s a total clusterfuck that it wasn’t. (The occasional excuses I’ve seen have always seemed lame to me.)

But note: There is work – and proposals – in progress!

ETA: Note that these current proposals involve authentication protocols and technologies that didn’t exist when Caller ID was first introduced. But I still don’t know why spoofing couldn’t have been prevented with mechanisms that were possible then.

Thanks for that information - it is good to see the FCC pushing this and it looks like they have set a deadline of caller authentication protocols needing to be put in place by the end of June of this year. Also amused by the name of the protocols being STIR/SHAKEN. I’m curious how this will play out at the customer level - will unauthenticated calls be blocked by the networks themselves, or would people have to block unauthenticated calls on their side?

Why is it possible to mail a letter with the wrong return address written in the corner?

The answer to that is the same as to why it’s possible to spoof phones or email.

Yes - if the sender is responsible for providing the return address, then spoofing is always possible. But for things like mail servers, IP networks and phone networks, the carrier actually does know the correct source and should have the capability to enforce the correct source, or reject connections that lie about their source.

In Post #3, I suggested that this should have been possible even with the technology back when Caller ID was first introduced. This is exactly what I was thinking. The caller’s phone company, not the caller, should have been the one to inject the caller’s information into the data stream.

RFC 3013, Recommended Internet Service Provider Security Services and Procedures, recommends ISPs apply egress filtering to ensure IP addresses exiting the edge routers have a source IP address from within the ISP’s address range.

This has been a recommendation for a very long time (the RFC is dated from 2000), but there are still many, many ISPs that still do not implement this.

I am in England but I imagine that telephone technology is pretty much the same everywhere. My phone rejects most spam calls, presumably using some kind of list. Further, it intercepts calls from anyone not in my own list and asks them to identify themselves, giving me the opportunity to accept, reject or permanently ban their number.

Surely this system is available in N America!
HELLO Phone Gigaset - Extra Slim Design Phone to Connect Cordless at Home - Answer Machine, Nuisance Call Block, Speakerphone - Deep Black: Electronics

Sure, and by analogy if the postal service was set up in such a way that you had to prove your identity/address before they would carry your letter (like they do when you go to collect a parcel they’re holding for you), that would solve the problem.
It’s not a perfect analogy, because it’s probably easier to fake your identity and address IRL than it is to fake an identity within a properly set up system of electronic certificates.

If someone spoofs their caller ID to match someone in your own list (admittedly, probably unlikely), they will get through.

I’ve experienced call intercept and request to say my name, when calling Google Voice customers. Sure wish I had it on Verizon Wireless.

My fantasy is, I give everyone in my Contacts list a custom 4-digit password. They have to enter that password on their phone’s keypad and it has to match their Contact number, or the call doesn’t go through at all. Maybe puts them into voice mail if I’m feeling generous. Maybe their phone explodes in their hand, or at the bot-farm, if I’m feeling cranky.

Automated calling also comes now from unknown numbers that are legit: credit card fraud alerts, and doctor’s offices. I don’t want to screen those out. And those callers aren’t always people. Another example is the call box on my building which rings thru to my phone and I can hit 9 to buzz them in. Of course I get a lot of bogus calls from people pretending to be Amazon delivery folks.

The widespread adoption of IPv6 should make identifying both phone spoofing and email spoofing easier as it includes inherent geographical identification. The bad guys could try to bypass this by setting up a relay operating in-country but those can be traced and shut down and the operators (hopefully) prosecuted.

Sadly adoption is taking a long, long time.

There is a trivial solution to cold-callers - implement a micro-transaction cost of a penny per outgoing call. Scammers and other cold callers may only profit from one call in 20,000, but when the call is free and the calling automated, it’s profitable.

The average user doesn’t make a lot of outgoing calls on a landline. The cost to legitimate users would be pennies per month. But it would stop cold callers dead.

That the phone companies don’t do this says to me that they want the cold callers.

On a related note, can we force people to defend their physical phones? Or force phone companies to make them more secure in that way? I read a sad case about an elderly person with dementia getting scammed, and also about people snooping on the phones of their significant others.

So I did a tad of research and found this. Unfortunately, this is based on an online poll, so I doubt it’s particularly accurate.

I use my fingerprint. I’m too likely to screw up a pattern and get locked out.

(A year or two ago my phone was lost, well, stolen, but they got no info thanks to not having my fingerprint. Apparently they just wanted the physical phone. I changed the password and got a new one.)

All right, Mr. Mangetout … what’s your first name?

It works exactly as designed; however, the designers never thought that their ‘brilliant’ idea would be used for evil. It was designed with businesses & PBX systems in mind.
You work for a large company, your desk phone # is 555-1234, the guy on your left side is 555-1233 & the gal on your right side is 555-1235, except 555-12xx all belong to your company’s PBX system. It was designed to allow your company to send their company name. The fact that the sender could put in their own information was billed as a feature.

The designers didn’t care if it was used for evil, as long as they got paid for it. Safety/security measures are almost never voluntary - they are usually forced on companies.

Years and years ago, way back in the 20th century, our local phone system in Colorado was called Qwest. They had an ingenious product that I wish was standard on all telephone systems, but I’ve never seen it before or since.

When someone called me they were told to hang up if they were a sales call, then prompted to press #1 and state their name. After that my phone would ring and I’d get an automated message that “So and so” was on the line, press #1 to accept or #2 to decline. If I declined then they got an automated message that their call could not be put through. I could also flag that number to never come through again. If I accepted then I could chat with my friends, and also had the option to whitelist them so they could call straight through in the future.

I loved it. Never had to talk to telemarketers, didn’t even have to hear the phone ring most of the time because robocallers couldn’t make it past the “press #1 and state your name” part.

I’ve no idea why this isn’t still a thing. I can’t remember if there was a fee, but if there was it was worth it not to get daily calls about my hacked Apple ID, my expiring car warranty, and the terrible news that my social security number had been suspended for fraud. (I don’t answer unknown numbers, but they leave messages on my voice mail that I have to deal with.)

This is exactly the lame excuse I’ve seen mentioned, and it is lame. What they could have done instead is: (a) Allow the caller to insert his name or whatever text he wants on the 2nd line of the outgoing Caller ID; (b) But the first line, with the originating phone number, would be inserted by the caller’s phone company, and not under control of the caller.

But when the caller establishes his phone service, he should be able to specify what number the phone company will put there. By default, this would be the caller’s own phone number. But for the PBX scenario, each phone in the company can have the company’s main switchboard number be displayed instead. The customer could have this number changed at any time.

The phone company could charge a fee to have a phone number other than the caller’s own phone number displayed. For a company, with one account with the phone company and lots of phones, it could all be specified once on the account. When a customer requests a Caller ID other than his own phone, the phone company would have some rules about what is allowed, and would validate the request before allowing it.

I think telemarketers were a thing long before there was Caller ID, and they were a nuisance even then. So the “designers” had every reason to know that their ‘brilliant’ idea would end up being used for evil.
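The carrier-side design proposed in this thread (number line set by the originating phone company, free-text name line, alternate display numbers validated per account), sketched as an added example that is not from any poster or real carrier. The class, the ownership-based validation rule, the 15-character name limit and the fictional 555 numbers are assumptions constructed for illustration.

```python
class OriginatingCarrier:
    """Hypothetical originating switch: it, not the caller, sets the number line."""

    def __init__(self):
        self.line_owner = {}   # provisioned line -> account id
        self.display = {}      # account id -> validated alternate display number

    def provision(self, account, line):
        self.line_owner[line] = account

    def request_display_number(self, account, number):
        # Assumed validation rule: an account may only display a number
        # that is provisioned on that same account (e.g. the PBX main line).
        if self.line_owner.get(number) != account:
            return False
        self.display[account] = number
        return True

    def place_call(self, physical_line, claimed_number, name_text):
        # physical_line is what the switch saw the call arrive on;
        # claimed_number is whatever the customer's equipment sent.
        account = self.line_owner.get(physical_line)
        if account is None:
            raise LookupError("call from a line this carrier does not serve")
        number = self.display.get(account, physical_line)
        return {
            "number": number,            # line 1: carrier-controlled
            "name": name_text[:15],      # line 2: caller-controlled free text
            "spoof_attempt": claimed_number not in (physical_line, number),
        }


def build_demo_carrier():
    # Constructed sample data using fictional 555-01xx numbers.
    c = OriginatingCarrier()
    for line in ("+13035550100", "+13035550133", "+13035550134"):
        c.provision("acme", line)
    c.provision("other", "+13035550199")
    c.request_display_number("acme", "+13035550100")
    return c


if __name__ == "__main__":
    c = build_demo_carrier()
    print(c.place_call("+13035550133", "+13035550133", "ACME Corp"))
    print(c.place_call("+13035550199", "+13035550100", "ACME Corp"))
```

The second call shows the limit of this scheme: the number line is forced back to the real originating line and the mismatch is flagged, but the free-text name line still carries whatever the caller typed.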