Who's Calling? Characterizing Robocalls through Audio and Metadata Analysis
Unsolicited calls are one of the most prominent security issues facing individuals today. Despite wide-spread anecdotal discussion of the problem, many important questions remain unanswered. In this paper, we present the first large-scale, longitudinal analysis of unsolicited calls to a honeypot of up to 66,606 lines over 11 months. From call metadata we characterize the long-term trends of unsolicited calls, develop the first techniques to measure voicemail spam, wangiri attacks, and identify unexplained high-volume call incidences. Additionally, we mechanically answer a subset of the call attempts we receive to cluster related calls into operational campaigns, allowing us to characterize how these campaigns use telephone numbers. Critically, we find no evidence that answering unsolicited calls increases the amount of unsolicited calls received, overturning popular wisdom. We also find that we can reliably isolate individual call campaigns, in the process revealing the extent of two distinct Social Security scams while empirically demonstrating the majority of campaigns rarely reuse phone numbers. These analyses comprise powerful new tools and perspectives for researchers, investigators, and a beleaguered public.
Sathvik Prasad is a Ph.D. student in the Computer Science Department at North Carolina State University, and a member of the Wolfpack Security and Privacy Research (WSPR) lab. He is advised by Dr. Brad Reaves. Sathvik's research interest spans the area of system security and privacy, with an emphasis on developing and applying data-driven techniques to study spam, abuse and fraud. He currently works on developing techniques to detect and characterize Robocalls — a catch-all term for automated phone calls. His team's recent paper on Robocalls was published at USENIX Security, received the Distinguished Paper Award, and won 1st prize in Facebook Internet Defense Award.
Personal Website: https://sathviknp.org