Fingerprinting Telephone Calls
This is clever:
The tool is called PinDr0p, and works by analysing the various characteristic noise artifacts left in audio by the different types of voice network—cellular, VoIP etc. For instance, packet loss leaves tiny gaps in audio signals, too brief for the human ear to detect, but quite perceptible to the PinDr0p algorithms. Vishers and others wishing to avoid giving away the origin of a call will often route a call through multiple different network types.
This system can be used to differentiate telephone calls from your bank from telephone calls from someone in Nigeria pretending to be from your bank.
The PinDr0p analysis can’t produce an IP address or geographical location for a given caller, but once it has a few calls via a given route, it can subsequently recognise further calls via the same route with a high degree of accuracy: 97.5 per cent following three calls and almost 100 per cent after five.
Naturally a visher can change routings easily, but even so PinDr0p can potentially reveal details that will reveal a given call as being false. A call which has passed through a Russian cell network and P2P VoIP is unlikely to really be from your high-street bank in the UK, for instance.
Unless your bank is outsourcing its customer support to Russia, of course.
The GIT researchers hope to develop a database of different signatures which would let their system provide a geolocation as well as routing information in time.
Statement from the researchers.
Tim • October 18, 2010 7:21 AM
It would help if banks cough HSBC … didn’t call you out of the blue and start by saying “This is Jamal from HSBC, can I confirm your address and postcode?”
Seriously.