CLI spoofing still create headache despite adoption of more enhanced signaling protocols
Markus Zimmermann
Senior VP Business Development Europe @ SEGRON | Telecommunications Management
In an article I had posted 2 years ago, I highlighted the phenomenon of CLI spoofing in Europe: The phenomenon was provoked by the introduction of origin based charging in many countries of the EU, and it had an impact on operators call termination revenues, as well as on subscribers who received a lot of calls from unknown phone numbers.
Recent checks done in some European countries have revealed that CLI spoofing has not disappeared.
What does this mean? That a lot of operators seem to have not undertaken any counter measures? Or did they? Or at least they thought they did?
Let us bring some light into how CLI information is transmitted in international carrier domains:
As voice services migrate away from a circuit switched environment to IP, the SIP protocol becomes THE standard for voice call signaling.
SIP defines the P-Asserted-Identity (PAI)– a trusted CLI assigned by the originating IPX service provider; the PAI is supposed to provide more reliable CLI provisioning for voice calls between trusted SIP/IP networks. For instance, using PAI, a caller himself cannot modify any longer his own CLI, as the PAI is assigned by the originating IPX service provider, and not by the caller himself (other than the caller ID contained in the SIP header)
While the usage of the PAI will significantly lower the amount of that type of CLI spoofing where the calling user intentionally sets a wrong SIP header, it is not the ultimate solution to stop spoofing a CLI by an IPX service provider. Any IPX domain may provide a PAI, and a recipient of a SIP message has no direct assurance of who generated the PAI header field value: It is all about trust (or not) into a IPX service provider who forwards a call attempt into one’s own IPX domain. IPX domains are dictated by business needs, more than by security standards; thus, the level of assurance of a PAI is only as good as the least trustworthy member of a trust domain, or a cluster of trust domains.
Last, but not least, the PAI field will get lost whenever there is interworking between SIP and ISUP or BICC; thus, as long as there will be still long distance carriers or local carriers offering voice services “the good old way”, there won’t be any E2E guarantee about a trusted PAI.
So, to cut the long story short: The introduction of the PAI field in SIP messages will have a very low impact on the CLI spoofing for international voice calls. Terminating operators, in the best case, will charge the highest termination fee in case there is no valid CLI in the incoming SIP header or in the ISUP /BICC message, without being able to deliver a correct CLI to the called party user. In the worst case, even the correct charging will fail as the CLI will look like one from an EU country. Even worse: In both cases, the called users will receive a wrong CLI or no CLI at all – and there is high probability that they will not pick up the call.
A recent snapshot (status: October 2020) on the status of CLI spoofing for incoming calls from some selected countries towards operators from Austria, Belgium, Germany, and the Netherlands, confirms that CLI spoofing still is an issue.
Fighting CLI spoofing is a challenge, no doubt about this, and it needs absolute focus and a clear battle plan: Luckily, there are tools and methods available to detect and minimize CLI spoofing. Mobileum offers a huge variety of such tools, as there are:
Enhanced E2E test calls to detect all routes affected by CLI spoofing
Steering of Roaming platform to steer away outbound roamers from those operators from which spoofed calls are originated
Anti-fraud and blocking solutions to prevent spoofed traffic terminating into an operator’s network
Markus Zimmermann
Vice President Central & Western Europe
SIGOS – a Mobileum company