You build a 10 foot high wall, they will build an 11 foot ladder. Stir/shaken was good for like 6 months before spam callers were able to bypass that security measure.
If only the phone system in the US, like the rest of the modern world, had robust authentication. It’s all a bit hacked together, much like the solution.
I’ve been saying for years now that providers should try converting to cert based auth. You get issued a cert with a private key from the provider. You are the only one who can use that number and authenticate to the network with that number.
You build a 10 foot high wall, they will build an 11 foot ladder. Stir/shaken was good for like 6 months before spam callers were able to bypass that security measure.
If only the phone system in the US, like the rest of the modern world, had robust authentication. It’s all a bit hacked together, much like the solution.
I’ve been saying for years now that providers should try converting to cert based auth. You get issued a cert with a private key from the provider. You are the only one who can use that number and authenticate to the network with that number.
STIR/SHAKEN had yet to be fully implemented, so while most carriers are now signing calls, almost none are taking action against unsigned calls.
I have hope that it will become a useful tool in the future for blocking spam and even bad carriers who are signing anything and everything.