Academics test innovative approaches to combat malicious robocall epidemic
The quest to track and end robocalls, estimated at 4.9 million per hour in the U.S., has expanded beyond efforts by telecom industry players, regulatory agencies, and the government. It's now capturing the attention of academics as well. Researchers at North Carolina State University, and Georgia Institute of Technology/University of Georgia recently released findings of their academic studies around robocalls.
The studies, focused on the use of honeypots and a virtual assistant app, have attracted public interest, dangling promising new approaches that may help us understand how robocalls work, what consumers should do about them, and how to separate fact from fiction.
What lessons were learned? Honeypots can help isolate, track down, and end malicious robocalling campaigns for users looking to block robocalls entirely; and apps that act like a personal assistant that interacts with users also offer distinct advantages. While every effort to put an end to robocalls is valued, the combination of rich call data with STIR/SHAKEN call authentication technologies not only offers a solution, but enables all parties to meet regulatory requirements set by the FCC.
It’s a fact‒you catch more flies with honey than vinegar.
Last year, researchers at North Carolina State University came up with a unique idea to better understand robocall frequency and trends to identify and uproot malicious calls. Conducting a large-scale, longitudinal study of unsolicited calls to a honeypot of up to 66,606 virtual VoIP phone lines over 11 months, researchers used a clustering algorithm to group subsets of robocalls into distinct call campaigns based on similarities in the calls’ audio.
Between March 2019-January 2020, the researchers set up a telephony “honeypot” to receive and process phone calls. A honeypot offers an isolated test environment to collect information about adversaries operating in the phone network and monitor how robocalls interact with the phone lines contained “within” the honeypot. After 11 months, they received over a million robocalls, tracked 2,687 campaigns, and were able to identify two separate Social Security scam campaigns.
The study, which garnered much media coverage and was awarded a Distinguished Paper Award by USENIX Security, outlined several key findings:
- The use of honeypots offers a promising approach for tracking down and ending malicious robocalling campaigns.
- Service providers can create their own honeypots to identify robocalling campaigns with a malicious intent, target the source of these campaigns and ultimately take them down, helping to protect their subscribers.
- Answering a robocall does not lead to more robocalls – a common misconception.
Additionally, the researchers note this method may offer advantages to current detection methods. Call traceback, one of the current methods to investigate suspicious calls, requires fraud specialists to trace a call across a series of carriers and can often take many hours to complete for a single call. As a result, this process alone may not be feasible for providers to adopt on a large scale.
A virtual assistant to screen your calls.
While NC State was busy with their honeypot, another novel concept was being tested by two other universities. Researchers at the Georgia Institute of Technology and the University of Georgia collaborated on development and testing of a virtual assistant prototype called RobocallGuard, that interacts with callers to screen out robocalls and unwanted callers on smartphones.
The app works by asking callers a screening question before connecting the call. RobocallGuard screened out all unwanted calls across three different experiments. Processing close to 8,000 robocalls, the virtual assistant was capable of detecting and blocking every single one. Also, when tasked with labeling calls as human calls or robocalls, the app was able to label 97.8% of robocalls correctly. The app can also screen out even spoofed calls, without impacting the call experience or screening out legitimate callers.
Fact vs. fiction: do apps stop robocalls?
The fact that solutions that address robocalling are now being investigated by top notch universities represents just how big a problem it is for everyone in the telecom ecosystem. But the solution is not that simple.
In the case of RobocallGuard, it will only work if the callee has a Smartphone, and much of the vulnerable population does not. In addition, creating an effective defense against robocalls requires a wide deployment – and getting consumers to adopt such apps has proved challenging. Finally, apps like RobocallGuard are not designed to protect users against targeted attacks. If fraudsters have details about the recipient, and launch a direct attack, they can defeat the app.
Neustar has helped countless service providers, enterprises, and consumers deal with the onslaught of unwanted robocalls and spoofed calls. Visit our Trusted Call Resource Center to learn how you can optimize outbound call operations, comply with regulations, increase contact rates, and protect your brand. Contact us today!