AT&T and Comcast announced today that they've successfully tested what they believe to be the first SHAKEN/STIR-authenticated call between two different telecom networks.
SHAKEN/STIR stands for Signature-based Handling of Asserted Information Using toKENs (SHAKEN) and the Secure Telephone Identity Revisited (STIR), and is a protocol for authenticating phone calls with the help of cryptographic certificates.
The protocol was created to address the problem of call spoofing --calls that claim to come from a number or network, but they don't.
SHAKEN/STIR works by the network operator where the call has originated "signining" the call using a certificate. The telecom operator on the receiving end of the call can verify it came from the network the call claims it originated by looking at its certificate and making a few cryptographic checks.
Work on the SHAKEN/STIR protocol has been underway for a while, and until now, several telecom operators have tested it already, but with calls inside their respective networks, where they could verify that everything was working as intended and calls were getting signed correctly when made, and verified the right way when received.
Today, AT&T and Comcast said they carried out the first SHAKEN/STIR call made between two different networks.
"The test used phones on the companies' consumer networks - not in a lab or restricted to special equipment," AT&T said in a press release. "It was conducted March 5, between AT&T Phone digital home service and Comcast's Xfinity Voice home phone service."
"The calls were successfully authenticated and verified using the SHAKEN/STIR protocol - believed to be an industry first for calls between separate providers," the US telco said.
The US Federal Telecommunications Committee has been pushing for SHAKEN/STIR's adoption and has imposed the end of 2019 as a hard deadline for networks implementing the protocol.
SHAKEN/STIR won't help stop robocalls (spam phone calls) completely, but they will help networks and end users spot them easier.
Telcos will be able to mark calls that not have been SHAKEN/STIR-signed as suspicious and consumer will be able to act on these warnings and turn down calls.
Further, SHAKEN/STIR will also be useful in fighting other types of telephony-based fraud, which is estimated to have caused losses of around $38.1 billion to telcos and their consumers.
Related security coverage:
- Microsoft releases Application Guard extension for Chrome and Firefox
- Google open-sources project for sandboxing C/C++ libraries on Linux
- Microsoft to fix 'novel bug class' discovered by Google engineer
- Kaspersky files antitrust complaint against Apple in Russia
- EU government websites infested with third-party adtech scripts
- Aluminum producer switches to manual operations after ransomware infection
- Slack's new enterprise-grade security tool lets you add encryption keys TechRepublic
- Amazon's Rekognition software lets cops track faces CNET