Comments on: Security and authentication on the telephone

Question: Security and authentication on the telephone

selton — Mon, 10 May 2010 13:30:52 -0800

Two prominent, famous or 'important' people talk on the telephone. How does either the caller or recipient know they're actually speaking to the real person ?

For instance: Suppose the Prime Minister of Greece needs to speak to the Chancellor of Germany urgently. How would it be ensured that the person finally picking up the phone was really the Chancellor ? How could the Chancellor know it's really the Prime Minister on the other end ?

Would there be code words used between their personal assistants when the call is placed and received ? How would the authentication be done ?

Substitute those two with different people who may have had even less of a connection previously: maybe the CEO of BP taking a call from the Governor of one of the areas threatened by the recent oil spill ? Or Warren Buffett and the director of a company he's been rumoured to be considering buying a stake in ?

Impersonating someone's voice (especially someone in the public eye), rerouting landline phone numbers, stealing someone's mobile phone (or at least the sim) etc. don't seem insurmountable hurdles if someone was determined.

Obviously as a prank it might just be a waste of a few minutes, but in delicate discussions it could be much more than that.

By: dfriedman

dfriedman — Mon, 10 May 2010 13:35:56 -0800

I have worked in the past with people who worked for an A-list name. Basically, these people answered all of his calls and screened the calls for him.

When another A-lister wanted to get in touch with this A-lister, my understanding was that the second A-lister's personal assistant/secretary would contact the first A-lister's personal assistant/secretary and say, essentially, "A-lister #2 is on the line for A-lister #1."

Etc.

This was in the business/political world. It may be different in the celebrity world.

By: Cool Papa Bell

Cool Papa Bell — Mon, 10 May 2010 13:37:15 -0800

There have been a few cases where pranks have occurred. Sarah Palin took a prank call. I think George Bush was a victim once, too...?

In reality, calls like these are arranged by subordinates on both sides, who can authenticate by pre-arranged ID systems, like Caller ID on steroids. There could also be dedicated lines involved.

By: phrontist

phrontist — Mon, 10 May 2010 15:24:58 -0800

who can authenticate by pre-arranged ID systems, like Caller ID on steroids.

This is what the OP is asking about, I think. Can you elaborate?

By: Civil_Disobedient

Civil_Disobedient — Mon, 10 May 2010 15:28:34 -0800

At some point it will boil down to a public listing of some sort, like the toll-free telephone number to the corporate headquarters that's then transferred from secretaries up the chain of command.

Kind-of like, I call your public number and tell you my public number's CEO wants to talk to your public number's Governor. Would you please call me back at my publicly-listed number to confirm? It is an interesting question of distributed trust.

By: Xalf

Xalf — Mon, 10 May 2010 15:31:36 -0800

Slate's Explainer explains.

By: rokusan

rokusan — Mon, 10 May 2010 15:52:26 -0800

It is an interesting question of distributed trust.

It's boggling how many large, reputable organizations don't have this basic security hole figured out. I have brushed off calls that, I suppose, might have been from my bank or credit card company because they phoned me and then asked me to verify my identity.

"Ma'am, you called me. I don't know who you are. I'm not giving you personal information."

As Civil says, public numbers are very useful in fixing this trust problem, and are certainly used as a single-party piece of the solution. The fact caller ID is so easily spoofed still makes this inadequate for both parties, though, which is why the call me back at this other public/verifiable number is the easiest route.

See also, seriously, Kevin Smith calls Prince.

By: ocherdraco

ocherdraco — Mon, 10 May 2010 17:19:16 -0800

Certain people are instantly recognizable on the phone. Once, Dan Rather called my direct line (trying to reach someone else; I don't know why he called me) and it was ABUNDANTLY CLEAR that it was actually Dan Rather. There was just no mistaking his voice, and an imitator couldn't have gotten that close. I think there are probably several public figures like that.

By: Oriole Adams

Oriole Adams — Mon, 10 May 2010 20:07:24 -0800

This person got Chris Rock's old cell phone number. Spike Lee and Adam Sandler called her directly; Jerry Seinfeld and Jack Nicholson had assistants do the dialing.

By: aqsakal

aqsakal — Tue, 11 May 2010 01:14:33 -0800

Been there, done that. The subordinates (PAs, Principal Private Secretaries, etc.) of A-class people already know each other, at least by phone if not personally, and will chat briefly for a moment before passing the call "up" to the boss. If they're calling someone to whom they have no personal contact (say, a newly-elected prime minister), they'll first go to somebody they know personally, who will pass the call on with a confirmation that it's kosher.