Spam and robocalls are such a nuisance and a widespread problem — Americans— that the , fining four companies responsible for billions of robocalls. , but the FCC has also tasked the communications industry with curbing the number of robocalls we all receive on a daily basis. Recently, 12 phone companies and 51 state attorneys general announced a plan to implement technology to identify, and eventually block robocalls. This is where STIR/SHAKEN (also called SHAKEN/STIR) comes in.
SHAKEN/STIR is a two-pronged protocol that. It will also work with home phones running on Comcast’s service. The end result is that Comcast, T-Mobile and AT&T will authenticate caller ID among one another, so you have more assurance that the person who’s calling you is real.
To understand what SHAKEN and STIR are, you first have to understand what they’re attempting to stop — caller ID spoofing.
What is spoofing?
More often than not, spam and robocalls originate from spoofed phone numbers. A spoofed number means the caller has intentionally faked caller ID information, displaying a number they don’t own. Scammers can use phone numbers you know, such as those of loved ones, a company, a government agency or a local phone number to give you the impression that a call is legit.
Call spoofing is important to spammers and scammers because you’re more likely to answer a call from a number you think is valid, and answering a spam call proves that your number leads to a real person. The more you pick up, the more robocalls you’re likely to receive.
What do the SHAKEN/STIR acronyms stand for?
You’ll appreciate the thought put into coming up with catchy acronyms after you see what they mean. SHAKEN stands for Signature-based Handling of Asserted Information Using toKENs. STIR is shorthand for Secure Telephone Identity Revisited. But the James Bond jokes are ripe for the making.
How does SHAKEN/STIR work?
The short version of how SHAKEN/STIR works across independent service providers is this:
When you place a call using Service Provider A’s service, that company verifies the call and attaches a digital signature that indicates it originated from a valid caller ID. Service Provider B receives the call, checks the signature, validates it again, and then shows the recipient that the call is verified — it truly originated from the number shown on caller ID.
Of course, it’s far more complex than that. If you want to get into the more technical details, TransNexus does a good job walking you through various aspects of SHAKEN/STIR such as SIP identity headers, signatures, JSON web tokens and the rest of the nerdy details.
How do I know if a call is verified?
You’ll see a message on your phone’s screen when a caller has been verified. T-Mobile users will see “Caller Verified” just below the phone number, as seen in the screenshot to the right.
Will I quit receiving robocalls?
Unfortunately, not yet. SHAKEN/STIR doesn’t block or stop unverified calls from getting to your phone, but it can be used to help identify those who are placing spam calls and shut them down. You will, however, have a better idea of which calls to answer when you see caller ID text that says “Caller Verified.”
Additionally, phone companies can use the verification technology to build more robust robocall blocking apps and services, and we’re starting to see signs of that happening sooner than later.
For instance, Verizon Wireless hasservice for all postpaid Android customers and will block detected robocalls by default. Postpaid and iPhone customers will need to download the Call Filter app in order to take advantage of the new feature.
Do I need an app or special software to use the protocol?
Right now, call verification only works on select phones. Currently, T-Mobile and Metro customers with the following devices will see the verified message if they’re running the latest device software:
Notice, Apple’s iPhone isn’t currently on that list.
AT&T hasn’t yet announced which devices will display a similar verified message.
When will Verizon and Sprint get on board?
If the FCC has its way, by the end of 2019. Verizon is already using the SHAKEN/STIR protocol for calls within its own network but hasn’t expanded to support outside providers. Sprint hasn’t made any formal announcements, but according to a letter sent to the FCC in late 2018, the carrier expects to begin testing in the second half of 2019.
As more carriers announce SHAKEN/STIR interoperability, we’ll update this post with the latest information, including devices when available.
With the FCC’s requested implementation deadline nearing, hopefully, we’ll begin to see more agreements announced and phones added to the compatibility list, making it easier to know when we should answer a random call, or let it go to voicemail.
In the meantime, make sure you’re doing everything you can to limit the number of robocalls you receive. Even if that means doing a little spoofing of your own.