Call ID spoofing becomes more difficult

M.Sc. Chris Wojzechowski

Call ID spoofing becomes more difficult

Call ID spoofing, the concealment of telephone numbers, will be made more difficult in Germany as of 1.12.22 by an amendment to the Telecommunications Act (TKG). But how exactly is this implemented?

How does Call ID Spoofing work?

We’ve dealt with Call ID spoofing on the blog before. To summarize briefly: With this method, the caller disguises his identity behind a forged phone number. Numbers such as “110” or “112” may then appear on the display, although no one would ever call from these numbers. The fact that this scam works and is also used, we described some time ago with this example in our blog.

What are the innovations?

Scammers often call known numbers, such as emergency numbers. In the act that has now been enacted, network operators are required to no longer put through calls that transmit these special numbers as display numbers. This means that when a call is set up, the system checks whether this number is listed as a special number and only sets up a call if the number is not on this list. Numbers with the area codes 0900 or 0137 are also no longer put through. In addition, foreign numbers that want to display any German number are suppressed. I.e. the calls are established, but no German number is shown in the display anymore. This is especially useful because many fraudulent calls come from abroad and make prosecution difficult.

With the innovation, the Federal Network Agency can, under certain conditions, take measures to identify the responsible callers. Nevertheless, the Federal Network Agency is not responsible for criminal prosecution; this is the responsibility of the law enforcement authorities. If you suspect that a caller is forging his or her number, you can report this to the Federal Network Agency; at the same time, you should also inform the local police authority. For more information, please visit the Federal Network Agency’s website.

New rules – new problems

The last point in particular poses a problem in mobile communications. In roaming, calls are made from abroad using a domestic number. Under the new law, network operators must determine whether this call is legitimate or not. Here, the phone number is suppressed by default and the network provider tries to determine whether the phone number is a known number in roaming. If it is not known, it is assumed that this is an attempted Call ID spoofing attack. It can happen that incoming calls from abroad often have a suppressed number. It is expected that around 5-10% of roaming numbers will not be identified and will therefore be suppressed.

Is Call ID spoofing now effectively prevented?

How good the measures used by network providers to reduce call ID spoofing are will be seen in the coming weeks. The new features are definitely a step in the right direction and make it more difficult for attackers to forge known phone numbers. At the same time, it does not prevent the use of identifiers that are not on the block list. Attackers are always very creative when it comes to bypassing protective mechanisms. In any case, the reform puts another obstacle in their way, which must be circumvented.

Photo of author

M.Sc. Chris Wojzechowski

My name is Chris Wojzechowski and I studied my Master in Internet Security in Gelsenkirchen a few years ago. I am one of two managing directors of AWARE7 GmbH and a trained IT Risk Manager, IT-Grundschutz practitioner (TÜV) and possess the test procedure competence for § 8a BSIG. Our bread and butter business is performing penetration testing. We are also committed to promoting a broad understanding of IT security in Europe, which is why we offer the majority of our products free of charge.