How do people spoof phone numbers and why won’t/cant the phone companies close that security hole?


How do people spoof phone numbers and why won’t/cant the phone companies close that security hole?

In: Other


Because of the way the phone system was designed. If you have a multi line phone system and you’re a business, you might have a need to change the outgoing number from certain extensions making outgoing calls so the caller appears to be calling from a specific number, like a main number for a business or queue. These digital phone lines give the business customer the ability to program their equipment to specify the outgoing number. Like sending email, you can put in anything as the sender. The phone systems don’t have any way to know or validate if a number is owned by the person initiating the call. Keep in mind these are technologies that are several decades old.

These digital lines aren’t going anywhere for a long time, they are expensive, robust and heavily relied upon. And it’s not easy to change the underlying phone signalling language used by phone systems across america that all route calls between each other.

Like email, it’s an old technology and still heavily relied upon. Things that prevent unauthorized emails and spam haven’t changed the email “language” itself, but other technologies around it to help validate email and minimize the spread of junk mail The same solutions are needed (and to some extent) are already being implemented. But there is no silver bullet solution here because of the legitimate use cases, and because of internet systems that connect to the phone network, it’s made it super easy for spammers anywhere in the world to remotely set up and launch spoofing campaigns by either hacking and exploiting a business’s phone equipment or finding a shady fly by night internet voice provider. In order to effectively combat this solution, it would require extremely expensive upgrades for everyone from the smallest of independent telephone companies to the largest. There’s progress being made, but it will be a long time before all the equipment is replaced. By then, who knows, we may have all but abandoned the 7-digit number we have in favor of something else.

Edit: Clarity.
Edit 2: Added a part about cost being a problem and why we don’t have a solution.

Battling any kind of cyber security is like fighting a hydra – cut one head off, and two more appear.

Or, more similarly, whack a mole.

Your telco provider is likely working on fixing every issue they are aware of (unless its AT&T obv). The hackers just move on to the next exploit they can find and the cycle starts over again.

Super ELI5: the teacher on the playground caught you playing with banned Pokemon cards. The teacher confiscates your cards, but you just go get more from the store and be more sneaky next time you play.