Caller ID Spoofing.
Dec. 31st, 2017 02:25 pm
The fatal "SWATting" of an innocent bystander, caused by a $1.25 bet off of a Call Of Duty session, could have been prevented had the Caller ID not been spoofed.
How could it happen? Well, the caller used a VoIP provider that can spoof a Caller ID. The police assume the worst in any case, and given that they were told "hostage situation with weapons," they shot someone.
So the question really comes down to this: how do you detect whether the Caller ID is spoofed? Well...
In this day and age, all calls go digital and get sent over digital lines. It doesn't matter if it's over fiber, POTS, VoIP, or cellular. The solution here is to add more metadata and a call-back to verify the call is coming from where it's supposed to be.
With fiber optic service, it's "what line is associated with what location." The same goes for POTS. Record which port at the telephone facility goes to which house. Keep that info (assign it a unique ID). That can't easily be spoofed.
With cell phones, that "port" is the IMEI code, possibly with more info off the SIM or device itself to make it hard to spoof.
With VoIP calls, it's the caller's IP address and Ethernet MAC address off the router or otherwise Internet-accessible device (if it's behind a firewall, the IP and MAC are the firewall's).
So, with that number and port, we can look up the provider and ping its verification system securely. If it comes back saying "Yes, that person is legit," then you can trust the Caller ID. Anything else should be considered spoofed (including if the verification service is down).
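The fail-closed check described above, sketched as an added example (not code from the original post). The `Provider` class, the number-prefix lookup, and all phone numbers and line identifiers are constructed assumptions.

```python
from enum import Enum

class Verdict(Enum):
    VERIFIED = "verified"
    SPOOFED = "treat as spoofed"

class Provider:
    """Hypothetical provider verification service; a real one would be a secured network call."""
    def __init__(self, lines, up=True):
        self.lines = lines   # caller ID -> line identifier the provider recorded
        self.up = up

    def confirm(self, caller_id, line_id):
        if not self.up:
            raise ConnectionError("verification service unreachable")
        return self.lines.get(caller_id) == line_id

# Constructed sample data: number prefix -> provider (the prefix lookup is an assumption).
PROVIDERS = {
    "555-01": Provider({"555-0100": "port:CO7/1142"}),                         # POTS/fiber port
    "555-02": Provider({"555-0200": "imei:000000000000000"}),                  # cellular
    "555-03": Provider({"555-0300": "ip+mac:203.0.113.5/00:00:5e:00:53:01"}),  # VoIP
    "555-04": Provider({"555-0400": "port:CO2/0007"}, up=False),               # service down
}

def verify_caller_id(caller_id, line_id, providers=PROVIDERS):
    """Return VERIFIED only on an explicit yes from the provider; everything else fails closed."""
    provider = next((p for prefix, p in providers.items() if caller_id.startswith(prefix)), None)
    if provider is None:
        return Verdict.SPOOFED            # no provider to ask
    try:
        answer = provider.confirm(caller_id, line_id)
    except Exception:
        return Verdict.SPOOFED            # an outage or error is not a "yes"
    return Verdict.VERIFIED if answer is True else Verdict.SPOOFED

if __name__ == "__main__":
    calls = [
        ("555-0100", "port:CO7/1142"),    # line matches the provider's record
        ("555-0100", "ip+mac:203.0.113.5/00:00:5e:00:53:01"),  # POTS number presented from a VoIP line
        ("555-0400", "port:CO2/0007"),    # correct line, but the verification service is down
        ("555-9999", "port:CO1/0001"),    # no known provider
    ]
    for caller_id, line_id in calls:
        print(caller_id, line_id, "->", verify_caller_id(caller_id, line_id).value)
```
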
What would emergency services do if they get a spoofed call? Well, the caller should have given them a location. Locate any other buildings around and call them, as well as dispatch an officer. If the neighbors say "Nothing's going on," then it's likely a SWATting is happening, and the officer should calm down.