By Jason Cipriani - c|net




Spam and robocalls are such a widespread problem -- Americans endured over 26 billion of them in 2018 -- that the FCC has stepped in, fining four companies responsible for billions of robocalls. Stopping robocalls on your own is one thing, but the FCC has also tasked the communications industry with curbing the number of robocalls we all receive on a daily basis. This is where STIR/SHAKEN (also called SHAKEN/STIR) comes in.

SHAKEN/STIR is a two-pronged protocol that AT&T and T-Mobile will use to verify that the incoming caller is legit. It will also work with home phones running on Comcast's service. The end result is that Comcast, T-Mobile and AT&T will authenticate caller ID among one another, so you have more assurance that the person who's calling you is real.

To understand what SHAKEN and STIR are, you first have to understand what they're attempting to stop -- caller ID spoofing.

What is spoofing?

More often than not, spam and robocalls originate from spoofed phone numbers. A spoofed number means the caller has intentionally faked caller ID information, displaying a number they don't own. Scammers can use phone numbers you know, such as those of loved ones, a company, a government agency or a local phone number to give you the impression that a call is legit.

Call spoofing is important to spammers and scammers because you're more likely to answer a call from a number you think is valid, and answering a spam call proves that your number leads to a real person. The more you pick up, the more robocalls you're likely to receive.

What do the SHAKEN/STIR acronyms stand for?

You'll appreciate the thought put into coming up with catchy acronyms after you see what they mean. SHAKEN stands for Signature-based Handling of Asserted Information Using toKENs. STIR is shorthand for Secure Telephone Identity Revisited. But the James Bond jokes are ripe for the making.



How does SHAKEN/STIR work?

The short version of how SHAKEN/STIR works across independent service providers is this:

When you place a call using Service Provider A's service, that company verifies the call and attaches a digital signature that indicates it originated from a valid caller ID. Service Provider B receives the call, checks the signature, validates it again, and then shows the recipient that the call is verified -- it truly originated from the number shown on caller ID.

Of course, it's far more complex than that. If you want to get into the more technical details, TransNexus does a good job walking you through various aspects of SHAKEN/STIR such as SIP identity headers, signatures, JSON web tokens and the rest of the nerdy details.



How do I know if a call is verified?

You'll see a message on your phone's screen when a caller has been verified. T-Mobile users will see "Caller Verified" just below the phone number, as seen in the screenshot above.

Will I quit receiving robocalls?

Unfortunately, not yet. SHAKEN/STIR doesn't block or stop unverified calls from getting to your phone, but it can be used to help identify those who are placing spam calls and shut them down. You will, however, have a better idea of which calls to answer when you see caller ID text that says "caller verified".

Additionally, phone companies can use the verification technology to build more robust robocall blocking apps and services, but we're not quite there yet.

Do I need an app or special software to use the protocol?

Right now, call verification only works on select phones. Currently, T-Mobile and Metro customers with the following devices will see the verified message if they're running the latest device software:

Samsung Galaxy Note 8
Samsung Galaxy Note 9
Samsung Galaxy S8
Samsung Galaxy S8 Plus
Samsung Galaxy S9
Samsung Galaxy S9 Plus
Samsung Galaxy S10e
Samsung Galaxy S10
Samsung Galaxy S10
LG G7 ThinQ
LG G8 ThinQ
LG V40 ThinQ
AT&T hasn't yet announced which devices will display a similar verified message.

When will Verizon and Sprint get on board?

If the FCC has its way, by the end of 2019. Verizon is already using the SHAKEN/STIR protocol for calls within its own network, but hasn't expanded to support outside providers. Sprint hasn't made any formal announcements, but according to a letter sent to the FCC in late 2018, the carrier expects to begin testing in the second half of 2019.

As more carriers announce SHAKEN/STIR interoperability, we'll update this post with the latest information, including devices when available.

With the FCC's requested implementation deadline nearing, hopefully, we'll begin to see more agreements announced and phones added to the compatibility list, making it easier to know when we should answer a random call, or let it go to voicemail.

In the meantime, make sure you're doing everything you can to limit the number of robocalls you receive. Even if that means doing a little spoofing of your own.