You know the ones.. “Hello Sir, this is MICHAEL and I’m calling you for the air duct cleaning service”. You know all the replies people give… “Yes, clean all my ducks. I have 12 of them. They are a bit fowl”, “FUCK YOU DON’T EVER CALL ME AGAIN YOU ASSHOLE”, and of course my personal favorite “Sure thing, come tomorrow! I’m at 6 Tettenhall Road, Etobicoke”. If you Google that address you’ll see why it’s funny – at least it is for me. Any thought of inconveniencing the residents of that home is something I feel warm and fuzzy about.
But, maybe you’re reading this in the USA. Your calls are more in line with “We’re calling about your extended warranty on your car”. I’m not sure on what else is popular down there, but in Canada we also have “You have committed a tax crime, and there is a federal warrant out for your arrest, Press 1 …”, as well as a recording in Mandarin effectively saying the same thing (it’s targeted to recent immigrants – which is actually quite clever from a scammer’s behalf, albeit terribly disgusting). And the grand daddy of them all that spans all 1st world countries… “This is William from Windows Technical Support”. Godddddddddddddddammmmmmmmit, stop calling me!
Do you own a phone? With an actual phone number? “Congratulations! Based on your contact information being part of a predictable sequence of numbers, you’ve randomly been selected to receive a telephone call about whatever tripe we’re about to shove down your throat at intervals ranging from a few hours to a few days! Press 1 now to be connected to one of our specialists who is going to [insert nefarious action here] your financial information and then [further nefarious action here] with it. We’re happy you called!” says the recording of what sounds to be a very attractive woman that’s about 25 and enjoying a Bud-Light on a beach in minimal clothing basically saying “come join the party!”.
That’s all it takes.. Having a phone number. The system don’t care if you’re $100k in student debt, or a multi-millionaire, it’ll call you – because you’ve got a number. It doesn’t matter if you hit 9 to delete your number from the database, nor does it even matter if you’re on the do-not-call-list. None of it does, because the repercussions for these actions in places where these scams originate aren’t all that harsh – and it’s also insanely hard to track these types of scams – the risk to reward for the scammers is actually well worthwhile. So, no matter what you say to these people, you’re only going to keep getting calls. Even if that one particular call center drops off the grid, your number is part of a list of millions that get dialed – and the next scam center will only go back to the master list – meaning you’re back on the rotation. It never ends – so don’t pretend like you can ask them nicely.
I get about 10 of these calls a week on my home phone and frankly it’s about the only time it rings (besides my front lobby door system). Being the solutions engineer that I am, it was time to put a stop to this nonsense. There’s a lot of services out there that will do this type of thing for you, but they all cost money. In a few rare instances they’re included with your telecom provider’s service (but that’s VERY rare). I can tell you one particular telecom in Canada does offer it on their VoIP services, and that anti-spam call blocker was actually originally sketched out on a bar napkin one night in Etobicoke after probably a few too many beers. Well, I don’t have a $1,000,000 Broadsoft switch, and frankly I’m not a big fan of Etobicoke, so I needed to figure something else out. Necessity is the mother of invention – and while what I did may not be the first time someone has done this, it’s was truly a creation I conjured up the other night.
It was time to launch my own in home PBX, otherwise known as a phone system. I spun up a free version of the 3CX server on a Raspberry Pi4-4GB running in my home network. For phones I added a Yealink W60B Base station, and a cordless W56H (with plans to add additional ones as I need it) and a Yealink T46G phone for my desk. I ported my number to voip.ms and bought a few SIP trunks from them. Upfront costs were about $20.00 for the service and $350.00 for the phones from eBay and Raspberry Pi from pishop.ca (From Ottawa!). Recurring monthly costs run around $15/month, although you can certainly do it cheaper (I have multiple DIDs (inbound numbers) and a few extra things enabled).
Effectively when someone calls any of my 4 phone numbers, it routes to a little box in my home (the Raspberry Pi) which effectively screens the call, determines what to do with it, and voila. That’s the simple answer. But I’ll break it down in more complex terms and explain the process end-to-end.
People need to be able to call this number anywhere in the world. There’s something called the PSTN or Public Switched Telephone Network. It’s more or less how all the calls in the world get made. A bunch of different providers kind of connect to this PSTN like Bell, Telus, Vodaphone, Comcast, or whomever your provider is. The days of true copper lines end to end are long gone in the developed world. Now everything is effectively digital and travels around the globe at the speed of light – which is why you can now call Australia or Hong Kong and it doesn’t sound like total crap because it’s travelling under the ocean on this mult-thousand mile copper cable. In a digital world, voice is typically transmitted over something called “SIP” which is “Session Initiation Protocol” and basically the gold standard way of transmitting and receiving voice, video, messaging, and other real-time types of data.
VoIP.ms connects to the PSTN, and then I register for some DIDs (phone numbers) with them. They point those phone numbers to my account, and then I buy what are called SIP channels from them. A single SIP channel will allow for a single voice call – so, I bought 4 (Which, is also the call limit for 3CX’s free version – but I’ll get to that). You can essentially buy as many SIP channels as you’d like and send them over one big “SIP Trunk” which is just a fancy way of saying an account where all these SIP channels are associated. SIP trunks can be authenticated by static IP Address (which, I don’t have at home), or by a SIP username & password (which is what I did).
On my side of things, I built a Raspberry Pi4 in a little case, loaded an image of 3CX server onto it, and ran through the configuration. Inside that config, you add your SIP trunk from voip.ms and assign your DIDs into the system. You add accounts (users), and then assign the users phones. Alternatively, you could instead issue user’s a softphone (a virtual phone – such as an app on their cellphone, or a Windows / Mac program). That’s about it for the basic setup.
Now, when calls come to any of my numbers, they reach the phone system I’ve setup. Right now I have 4 numbers as follows :
In each case, the calls route to a different place. My toll free & local business number end up at an IVR (interactive voice response) Menu. “Thanks for calling, press 1 for, etc..” type of deal. The spare number just disconnects the call immediately (there’s lots of uses for this), and then the main local inbound number for my home goes to another IVR which basically says “You’ve reached some guy who’s tired of calls about duct cleaning. Press 1 to see if I’m around”.
This is where the magic happens, and it’s so bloody simple. Auto dialers will never bypass that IVR system. Almost all of these SPAM calls more or less are done by an auto-dialer which will connect calls to a queue (put you on hold until someone can take the call), at which point your scam call center people will pickup and begin their pitch. In rare cases, it’s actually a live person who is on the line immediately for the call. An auto-dialer won’t know what to do and their dialer and my IVR will just talk to one another for 20 seconds before my system says “ya, I’m disconnecting this” and ditches the call. That’s achieved through a menu timeout, then you set the timeout action to disconnect the existing call if no buttons are pressed within X seconds. Call centers will be extremely unlikely to actually listen to the IVR and press a number to go through it and actually connect with me. I’ve yet to have it happen, but it’s plausible. Even then, I’ve cut down 95% of my spam calls already so I’m happy.
And, that is how you beat spam calls. Just a simple screening process in the way of putting an IVR in front of your actual phone ringing. Naturally, this can’t be achieved with cellphones, although this is an excellent app idea – something that would auto accept any inbound phone calls, challenge the caller to press a number to bypass the prompt, at which point your phone actually rings. It’s an interesting concept, although I feel as though this would be near impossible on iOS with the amount of restrictions Apple puts on the native phone features being able to be accessed and middle-manned. Android may be a bit more flexible. It’d be an interesting concept. I wonder if people would pay $1.00/month or $10.00 / year for a subscription to this?
One thing I was worried about was my intercom system at my condo. Like almost every intercom system ever, you dial a number from the front lobby using a code from a directory. Most of them are 3 or 4 digits long, and are sometimes simply the apartment/suite number in the building. When a normal person picks up these calls, if they want to open the door they press a key (usually ‘9’). This means the person who’s called presses the number 9 on their phone, and their phone sends a signal (called DTMF – Dual tone multi frequency) back towards the intercom system. DTMF is more or less just frequencies (or tones) being played. Try it – press different numbers, and they all sound slightly different.
My question was, will my intercom allow users to press numbers, and will those numbers actually be transmitted over the call that’s made? Turns out, it does. Awesome. That means anyone who “buzzes” me, can bypass the prompt that I’ve setup – meaning I can still direct calls to my main home line for the intercom.
Naturally, now I’m thinking of ways to make this even easier. I can program a code that only I’ll know into my IVR and that’ll open my front lobby door for me. Meaning, let’s say I forget my keys, or want to give a secret code to a friend so they can get into my building without any interaction from me. I tell them once they hear my IVR when they buzz me, they can simply enter “1234” and then the door will open for them. But how?
That’s simple. In the IVR, program an option (in this case, 1234), and when that happens my phone system recognizes this and will play back a recording to the caller (the intercom system). For the playback, it’s simply a recording of the DTMF tone for the number 9 being played (which is 1477 Hz & 852 Hz). The intercom hears this, and it triggers a relay, which then releases the mag-lock on the door latch. Done.
I’ve heard of some intercoms which are susceptible to being exploited. This is done through just playing that DTMF 9 tone from your phone or any other device which could generate such a thing. This harks back to the days of phreking and more or less a blue box. Frankly, now I’m curious if such things work and I may just try it out a few times in the next week as I deliver food around to different condos (a crude Blue Box is basically any DTMF app you can download on your cellphone). While I can only hope the people who manufacture these intercom system will filter out the various DTMF frequencies from the intercom microphone, you never really know.
So, for minimal startup costs, I have myself a pretty baller phone system, spam protection on my phones, and a whole host of other cool things I can do. I guess next up is exploring the APIs they offer – although I’m certain that’s only available in the Enterprise version – which just isn’t worth it for me at this time. Maybe next will be to setup a fax server. That’d be rad.