Computer science researchers get to the bottom of robocalls
Automated or semi-automated phone calls, also known as robocalls, are a major security concern for phone users in the United States. While most robocalls are an annoyance, some of these calls are specifically designed to target the vulnerable segments of our society.
Dr. Bradley Reaves was first inspired to research robocalling after a visit to his grandparents over Christmas break when he was a graduate student.
“Their phone was ringing constantly with robocalls. It was disrupting their lives,” shared Reaves, assistant professor in the Department of Computer Science (CSC). “I realized that this has made an essential service basically unusable, and something needed to be done.”
Reaves took this inspiration and wrote his dissertation on how to build a better Caller ID system that can’t be spoofed so that unwanted calls get through. His work on robocalls is being continued with a team of graduate students in CSC with support from the National Science Foundation.
In their newest paper, “Who’s Calling? Characterizing Robocalls through Audio and Metadata Analysis,” the group found a lack of empirical grounding to understand the scale of the robocalling landscape. They sought to provide the first longitudinal analysis of the robocalling problem in the U.S. while also providing powerful new tools and perspectives for researchers, phone service providers and the general public.
The study centered around answering three questions. Is the problem of robocalls getting worse? Is it even safe to answer the phone? Who is calling and how do they operate?
Over the span of 11 months, the researchers worked with communications company Bandwidth, Inc. to collect data from unsolicited phone calls made to over 66,000 unlisted phone numbers, resulting in 1.48 million phone calls in total.
“The sheer number of unsolicited phone calls indicates that robocalling is a huge problem in the United States. Our findings highlight the need for an effective solution to combat robocalls and protect phone users,” shared Sathvik Prasad, a doctoral student in CSC.
Using audio processing techniques, the researchers grouped similar call audio recordings into broader campaigns to uncover robocalling campaigns operating in the wild.
It was discovered that nearly 62 percent of the unsolicited calls received by the researchers’ numbers included practically no audio at all. Which, according to Prasad, was surprisingly high.
“Only a little more than half of the remaining 38 percent contained enough audio data to allow for us to conduct a robust assessment.
“But what was exciting was that we were able to identify calls that were identical or nearly identical, allowing us to group calls into clusters that were clearly all affiliated with a single campaign,” Reaves says.
They also identified long-running fraudulent phone campaigns designed to defraud senior citizens and recent immigrants in the United States.
“The audio processing techniques allowed us to reliably uncover fraudulent robocalling campaigns. Our language-agnostic techniques helped us identify two distinct robocalling campaigns operating in Mandarin. We also uncovered two Social Security fraud campaigns that attempt to defraud their victims,” Prasad said.
Robocalls are used to deceive callers by frequently changing their caller ID. The researchers found that some robocalls used sophisticated spoofing techniques to ensure that the incoming call appears to originate from a neighbor in your region. Prasad said that this is done by spoofing the caller ID to match the first six digits of your phone number.
The team found that there was no evidence that answering an unsolicited call increases the number of unsolicited calls received. Additionally, they found that they can reliably isolate individual call campaigns, which in the process revealed two distinct Social Security scams while also empirically demonstrating the majority of campaigns rarely reuse phone numbers.
Prasad said that by using the tools and techniques presented in their paper, they can equip the service providers to systematically identify fraudulent robocalling campaigns and surgically target the source of these operations.
Looking to the future, Reaves and Prasad agree that this research will be continued.
“The COVID pandemic has triggered robocalls that pitch fake COVID tests. This is just one of many examples where fraudulent robocallers change their tactics and exploit recent events in our society to target victims. We still have so much more to understand about robocalls and how they operate,” Prasad said.
The group’s paper was presented Aug. 12 at USENIX Security Symposium, where it received the first place Internet Defense Prize from Facebook and a distinguished paper award. The paper was co-authored by Elijah Bouma-Sims, an undergraduate at NC State, and by Athishay Kiran Mylappan, a former graduate student at NC State.