back to article Voice-routing call fingerprint system fights 'vishing'

Security researchers in the States say they have developed a cunning new method of "fingerprinting" voice calls that could offer a route to trustworthy caller ID and a barrier against so-called "vishing" or voice phishing. The tool is called PinDr0p, and works by analysing the various characteristic noise artifacts left in …

COMMENTS

This topic is closed for new posts.
  1. Cameron Colley

    I assume it won't work for Skype then?

    Am I wrong, or will the (partial, at least) peer-to-peer nature of Skype mean this won't work with it?

  2. nickrw
    WTF?

    "PinDr0p"

    What's wrong with the letter O?

  3. Annihilator
    Boffin

    The title is required

    "PinDr0p needs no additional detection infrastructure; all it uses is the sound you hear on the phone."

    Or rather, the noise you don't hear..

    "“They’re not able to add the kind of noise we’re looking for to make them sound like somebody else,” says Patrick Traynor, GIT compsci prof. “There’s no way for a caller to reduce packet loss. There’s no way for them to say to the cellular network, ‘Make my sound quality better.’”"

    Presumably it's possible to trick it into believing a reduction in quality is there though - for example deliberately introducing tiny gaps into a non-VOIP call to trick the system into thinking it's detecting packet loss? Not sure to what end you'd want to do that, but...

    1. Anonymous Coward
      Boffin

      @Annihilator

      This would only work if the perps are able to get at the packet stream and selectively remove the packets themselves. It won't work if they just add bits of "silence"; that does not result in a packet drop.

      Not impossible, but you'd probably need to route the call via your own VoIP network (since private ISDN networks are few and far between) to achieve anything.

      1. Annihilator

        @alannorthhants

        Alan, I'm saying that the hypothetical call in question is NOT a VOIP call, but adding tiny bits of silence which will imitate the symptom of a dropped packet, thus giving the software the impression that it's a VOIP call, when in reality it's not.

  4. John Armstrong-Millar
    FAIL

    where's the source

    So that bank I used too use with the atrocious fuzzy call quality from their call centre somewhere on the subcontinent of India will be distinguished from a 419er in Lagos using a class 1 cell phone?

  5. Sooty
    Black Helicopters

    is it my imagination

    or does it sound like this has the potential to flag a call as suspicious, even false, due to the routing the mobile network uses, which is completely out of your control.

    while conmen may do this on purpose, there is no reason why a network couldn't route a call anywhere if it turned out to be cheaper for them.

  6. packets
    Stop

    Encryption

    Exactly why the Combating Online Infringement and Counterfeits Act (COICA) bill must not pass!

  7. heyrick Silver badge

    Hmmm...

    In some rural areas, VoIP packet loss depends upon the weather...

  8. Framitz

    Old tech, new application

    I worked with voice-print technology many years ago when we barely had computers. It can be very accurate to analyze the noise under the audio for specific characteristics. I don't think artificially induced moments of silence would fool the algorithm.

    I'm sure it's a lot easier today.

  9. Anonymous Coward
    Anonymous Coward

    What the hell is GIT?

    it's GT.

    1. nematoad Silver badge
      Headmaster

      @AC 09:23

      GIT is a revision control system developed by Linus Torvalds after he decided that he was unable to use Bitkeeper due to a change in the terms of use by Bitkeeper's developer Larry McVoy.

  10. climbgeek

    @AC 09:23

    GIT is the Georgia Institute of Technology, commonly called Georgia Tech.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019