Getting Rid Of Telemarketers With A Banana Phone

Banana

The Federal Trade Commission really doesn’t like robocalls and other telephone solicitors selling you vinyl siding or home security upgrades. The FTC is even offering $50,000 to anyone who can do away with these robocalling telemarketers, and [Alex] looks like he might just claim the prize. He developed The Banana Phone, a device that eliminates those pesky telemarketers.

The basic idea of the Banana Phone is requiring callers to enter a four-digit pass code (played via text to speech over a relevant song to prevent a bot from getting through) before connecting them to the main line. Once a caller has been verified as human, their number is added to a white list so they won’t have to listen to [Raffi] every time they call.

The Banana Phone uses off-the-shelf parts  including a Raspberry Pi and a phone/Ethernet adapter with the total build cost under $100. You can check out a demo of the Banana Phone in action after the break starting at about 2:25.

[youtube=http://www.youtube.com/watch?v=ovaWvFQgrqU&w=580]

78 thoughts on “Getting Rid Of Telemarketers With A Banana Phone

    1. True, though you could defeat the simple text-to-speech by asking a question that expects a numeric result. Now you add a natural language processing component. The trick will be to have a massive and changing body of question types (the exact numbers and therefore answer would need to be variable on the fly) so that an attack doesn’t just record and reference the question type to figure out the operation to perform against it. In the end, like all security systems, it is all an arms race and one that the consumer is always playing catch-up in.

      1. CAPTCHAs have traditionally been broken through their voiced versions (meant for the visually impaired), so I would guess the banana phone is much less robust than a typical visual CAPTCHA, most of which can be fooled at a reasonably low error-rate. One advantage the present solution does have, though, is that it is probably more difficult, and costly, to sample and build a database of answers over the phone than it is online.

          1. Yeah, any known song could be filtered out. It would be much better to procedurally generate something (a chiptune?) in the same frequency range as the speech used for the digits.

          1. If these were effective, instead of the present CAPTCHAs, they would be the norm all over the internet. Yes, they are in use in some forum software, but the problem is generating the questions, as you’ll need a human and will thus be limited to a rather small set. Such a database can be quickly sampled by robots. If the answer is only one number, the robot success rate would be 10% anyway, so after a few calls it would’ve secured its place on the white list. I can’t think of many 4 number questions regular people would remember the answer to.

            Of course big neural networks and solutions out of consumers’ reach like IBM’s Watson can trivially break these.

          2. An effective method would be to choose a random question with an set of numbered answers where the order of these answers is randomly generated.
            E.x. What color is a firetruck? Is it 1 purple, 2 red, 3 green

    2. They won’t bother if it’s not widely used, so for a while it’s a working protection.

      And if they break it you still have a system for whitelisting numbers, handy in itself, especially if you are a known person or under assault of some phoneattacker.

    3. Hi Guys,

      thanks for all the feedback. This discussion is good and there are some concerns on the functionality. So here a couple things I’d like to address:

      1) the audio mixed in with the 4 digits is easily changed (trivial coding). Several background audio files could be used in the auth code mixing per incoming call for added entropy. This particular audio selection was a demonstration as proof-of-concept for the judges.

      2) The human validation mechanism can be changed or even randomized among a set of tests (simple arithmetic, multiple choice, etc). This is being researched as a feature now.

  1. It’s a real shame we can’t use the “magic bullets” that the cable TV providers used to knock out hacked converter boxes…

    I kid, but I got three of those calls last night, and would have pulled the trigger on each one.

  2. Very interesting idea! Though, if this is applied widespread, robocallers may try to get around it. But for your personal phone, you could probably even get away with a “Please press 2 now. Please press 5 now.” That would be a lot less confusing to your grandma and you wouldnt need a prompt explaining what to listen for.

  3. Good idea, I’m not sure if I missed it but the song bed should randomly change as well. A single clip could be used to break the system and then you would be back at square one.

    1. Hi messmaker,

      You are absolutely correct. The song used in the video is a proof-of-concept to demonstrate the system’s human validation mechanism. In production, this audio clip generation would have several background noises to select from in generating the code audio file.

      I’m finding people are getting a little confused by the title of the project and think the sound clip used in the video is the only one that can be made available.

      Hope this clarifies things.

      Alex

  4. I have a better idea: when the robo call is detected, have it shunted to a decoy call center where people trace the call, make contact with the people or companies involved. Hit them at their source. Keep them talking until you can trace them back.

  5. Unfortunately, the author understimates the power of large rooms full of humans working for pennies doing the spammers’ bidding :(

    Unsolicited/unwanted does not mean illegal. Reverse 911, political parties, businesses you have done business with in the last X months… All of those must be allowed through.

    Determining if caller is human is not the problem. Determining if the call itself is legitimate is. And there lies the real challenge.

    How do you determine the content of the conversation before the conversation has taken place?

    1. There is no need to let political advertisers, etc. through. Just because they made loopholes in the law does not mean I have to listen to them.

      Privacy is ultimately the right to be let alone.

    2. Nobody is arguing that spam is illegal – they’re arguing that it’s unwanted. I personally don’t care if the call is from a political party or some business who got my number from a frequent shopper card – I am under NO constraints to allow those calls through, and would rather not get any robocalls from them. If the call is from a human then it should be simple enough for them to confirm their identity.
      Reverse 911 can be allowed via the white list.

      Your first point is completely valid, though. Whitelisting a call simply because one person manages to complete the audio CAPTCHA bypasses the cost/benefit consideration of the spam farms. The current situation is only sustainable because most/all spam centers use a robo screener. If every call requires human intervention the overall cost increases significantly making it much more difficult for these companies to turn a profit. No – it won’t get rid of spam calls entirely, but it should slow them down at least.

    3. I think allowing certain types of calls to come through isn’t at issue. While political parties and other entities might have the legally protected right to ring my phone, I have no legal obligation to answer. And if I let a screening system, be it an answering machine or this project or some other technology, intercept those calls, that is my choice, not theirs.

      The same holds true for email filters. Some organizations claim a legal right to send messages to me, but no law stops me from filtering those messages away from my view.

      So it’s not about preventing the company from calling my phone, it’s about my right to refust that call using whatever technology I choose to use. (Google Voice has a block list; just saying.)

  6. Maybe the FTC could, you know, *fine* the companies doing the robocalling?

    Oh wait, that would require bureaucrats to actually do something. That’s not really in their remit – they’re used to sitting in chairs and making rules for others to follow.

    Lazy gits. They could have fixed this issue decades ago with strong regulation and vigorous enforcement, but decided it wasn’t worth the effort.

    (And no, finding out who these people are is not hard. Set up honeypot phones in random places, subpoena the phone company, purchase the product & see where the money goes – there’s no reason why they can’t just fix the problem.)

    1. The real problem is that there’s no product to purchase. Half the time you punch “1” or whatever and the call terminates with no answer from the call center. If you do get connected, that company passes you on to another one…I went down the rathole once to see what happened. The place at the end was a scam operator selling cruises.

      So there are at least three companies involved on most of these calls. They’re better off trying to find the gateway onto the telephone network and shutting them down.

    2. I called my state representative and her worker who handles this complaint said it wasn’t illegal for telemarketers to call me even though I’m on the “Do Not Call List”. She said to support stronger laws. The state attorney general stopped fielding calls and they don’t have jurisdiction. If they route the call through a country that doesn’t have diplomatic relations, you really can’t do anything about it.

      What works is picking up the phone and hanging up on these people. Put their phone number on block or assign them a number in your phone as “Telemarketer#1”, etc., and assign “no ring” as their ring type.

      Just the other day a lady called our office and said,”Hi, I’m Tina” and she wanted to know the model number of our copier so she could get us squared away on the toner for us. Our secretary said, “which copier?” and the lady hung up. Once you volunteer information, they are going to order you supplies and if they record the call, it will sound like an agreement. We don’t let other people order for us so this type of call should be suspect. This is basically how their scam works.

    3. “The Federal Trade Commission really doesn’t like robocalls and other telephone solicitors …”

      I about wet myself with that one! Actually the FTC couldn’t care less. They are in the pocket of the phone companies that make money from telemarketers.

      I have filed multiple FTC complaints for “Do Not Call List” violations. I actually received an acknowledgement by mail over ONE FULL YEAR after I filed it.

  7. While I applaud this project for being a very successful and professionally done hack, the last thing I think people want is captcha for their phone number, even if you only need to authenticate once (who are we kidding?) from a normal number.

    I think the ideal solution should be as transparent as possible. This misses the mark on that front once the inevitable arms-race begins. Also, the gov’t/charity/etc. whitelist sounds like the most vulnerable and cumbersome part of the whole system.

    If anything close to captcha begins to become the norm for every phone call, it may be the final push that moves people over to services such as Skype. Let’s just hope Skype ends up being more like Google Chat and less like Yahoo Messenger in terms of keeping the bots out. Let’s also hope the cell phone companies don’t mind being put in the same position as the cable companies (just another ISP).

  8. Interesting project. But I’m not one to put family, friends and others through extra annoyance to reduce the annoyances I experience. Took me the longest time to put an answering machine on my landline to screen calls. A way to manually add entries to the white page list. I believe the ID data burst occurs between the first, and second ring pulses, so light sleepers are going to be awakened.

    1. Hi n0lkk,

      A web admin interface for the device is being planned, as well as the ability to import existing contact phone numbers from various sources (Gmail, smart phone, etc). I am seeing that people are most concerned with how quickly they could populate their own local white lists with their desired contacts. This will be addressed and mitigated as much as possible to keep the device user-friendly. Getting to hear these real concerns of the potential users is excellent.

      Thanks,

      Alex

  9. I can’t believe this is still a “real” problem.

    First off, get rid of that dinosaur called “the land line”.

    Then on your mobile, download one of the numerous black list call blocker apps. White list your contact list, black list “private” “0000000000” and have all unknown numbers (i.e. numbers not in your contacts) go silently to voice mail. As needed (or as they occur) add the crap callers to your black list.

    It’s really not rocket science to CONTROL your own phone and who gets to contact you.

    1. That is dangerous. Suppose the emergency room calls about your loved one who is in the hospital and needs consent and the injured is unconscious. They won’t be able to get through because you locked them out. I have kids in school and the school might have to call so we have to pick up but generally don’t accept calls outside of our general area code.

      1. Aaaahhh… the “suppose a loved one in an emergency…” hypothetical situation… if I had a dollar for every time I heard that one. People got through emergencies fine without phones for centuries. This excuse is also used by annoying people who won’t turn their cellphone off at restaurants, movie theaters, etc. They want to feel important by keeping the phone on 24/7…the truth is that they end up making or receiving unimportant calls where they shouldn’t.

        That is what caller ID is for. people want to have the little computer in the phone make the decision for them instead of just reading who is calling. Telemarketers are obvious and can be ignored, or worst case scenario: hang up on them if you picked it up without looking! :P

        Creative use of a RPi nonetheless.

      2. Bad example. The hospital would leave a message saying to call them back and that it is urgent. You would see that you have a new voicemail. Yes a small delay, but I’d have the same delay by not answering my phone if I was busy. Do you take your phone into the shower just in case you get an emergency call?

    2. Well that dinosaur still works well. Likely to function in the event of a local,national region emergency, if the phyosical plant escapes bamage. Depending where you live if the cellular phone system survives, law enforcement and public safety will have priority access. The rest of us will have to wait to get a time slot could be as short as five minutes. I discovered that while researching Radio Amateur Civil Emergency Service emergency plans of other groups around the USA. Anyone that relies %100 on a cell phone should try to discover what the reality is for their area. and create plan with family outside their are who cold relay your status to others who would be concerned. When/if I can afford it I may go as far as to purchase an inexpensive dial up internet access to be able to use email. Personally I hate using a cell phone because the ones I can afford don’t fit my hand well, well if my $40 subsidized phone breaks it will cost me over $200 to get a similar replacement. Personally I can’t see the current business model paying the bills & reasonable profit for the carriers , even if everyone migrated from POTS to cellular service. LASTLY; Who would really believe if when that migration reach some critical(for telemarketers) percentage, that the telemarketing sector will not get access to our cell phone numbers & regulate the “not rocket science. features” out of existence?

    3. Indeed. Not a real problem. There is caller ID on the phone company side and the answering machine on my side. If I don’t know the number I don’t pickup and let the machine do it. If it is someone I know calling from an unknown phone (friend, etc) I pick it up. Answering machine is set to hangup if there is no sound at the beep (5 sec grace period) and record a maximum of 1 minute. This on my “dinosaur” land line that works when cellphones don’t. I’m not counting all the blocking features that come with the “dinosaur” (also active).

      My old cell phone has 3 seconds of silence as the main ringtone (created myself in my PC) and custom ringtones for everyone in my directory. You are not there, you don’t make any noise, you don’t bother me :D No need for “apps” as it is not a smartphone. Telemarketers are ALWAYS ignored and don’t call again as I never pickup. This done in a cellphone from 2004.

      Phones are there for my convenience, not theirs.

  10. Hmmmmm, interesting idea.
    Could this be done in software on an Android phone?
    I guess I’m asking about the possibility of an app intercepting the audio from a call, transmitting WAV File audio over the phone line for voice instruction, then processing it for DTMF signals, all without any user interaction? Kind of like a smartphone call menu system.
    Now that would be cool!

    1. Hi Stu,

      That is an excellent question. The smart phone implementation must be taken slightly differently. The normal APIs on iPhone/Android do not allow direct call audio stream access. It would just be too much of a security risk. So the call filtering must be done a different way. I wrote up a separate treatment for the smart phone extension of the Banana Phone project, which was also submitted to the competition as well.

      The nice part is that the keep-alive white list method can be directly ported (functionality-wise) to smart phones, maintaining the need of passing legit robocalls through.

      Thanks,

      Alex

  11. With this system, couldn’t a nefarious robocaller simply hire a call centre or someone to go through their list of numbers just to “authenticate” and hang up, then hand it over to the machine for daily spamming?

    I get some calls that I suspect are like that already. They dial, I answer, and then hear nothing on the line. As soon as I say “hello” or something, *click* they hangup and I just verified that the number leads to a real human.

  12. With no disrespect for the Indian call center operatives, perhaps a really thick Indian accent would serve as a Captcha? But getting to the nitty gritty, could this be simplified enough to put on a cheap chip in line with the phone? Even if it removed most of the nuisance calls it would be better than the current status quo. I have just got rid of my land line mostly because of these calls.

  13. a better, more transparent and safe option would be to have a blacklist. put a middleman (raspi) between phone and jack, wait for data burst then compare with a list and close the connection to the phone itself. Put a big red X button to add a ringing number to the blacklist. only disadvantage is that you lose a ring’s worth of time to get out of the bathroom and that every new telemarketer will get through once.

  14. Wait…people still have wired phones? I thought that was just a gimmick from the cable company to make an extra $5 on their 3-way combo deal with TV and internet. I didn’t think anyone actually plugged phones into them.

    Personally, it seems like Google needs to step in. The “Restricted” contact feature is a nice start, but it only supports so many numbers. It would be neat if our phone apps had something like a hosts file so we could just make a huge list of offending numbers and they would be blocked.

  15. The underlying Problem is the US regulations. Why is faking of caller IDs even possible? Phone providers could block that! With arbitrary faking spammers just need to pick the right caller ID from the whitelist.

    This is a US problem only …

  16. My wife and I have taken to only answering the landline phone (I need it to use a captionphone for my hearing loss) if someone we recognize is leaving a message on the machine. Works very well and we can tell where there are a lot of hang-ups from likely telemarketers. Doctors have been very good about leaving automatic messages about future appointments and other concerns. Our kids’ school knows how to reach us on our cells.

  17. online database, caller id with database access, pick up the phone, its spam, hit the spam button on caller id, added to spam database, no one else get the spam after a few spam reports.

    1. Also should be able to review list of calls and choose which ones to add to the “black” list–after the fact (post call). The TCPA only says it’s legal for political, religious, certain non-profits, to call you, BUT they don’t have a right to talk with you

    1. Unfortunately, telemarketers still get through and I’ve been registered for years. You can report them to the registry, so hopefully telemarketers are slowly losing. However, not everyone bothers to go on the registry, so telemarketers have plenty of victims.

  18. How about we get apps for consumer complaints websites such as Callercenter.com available on our phone, too? Since these sites are filled with information about nuisance and scam callers, when a reported phone number calls, the app can just ring an alarm about the caller and display the report. With that, the recipient is alerted. And most importantly, what’s nice about this idea is that the recipient will never have to pay for it or buy a new phone to stop unsolicited calls. We already have too many things we’re spending money on, let this problem with the telemarketers not add to it.

  19. That’s the same underlying concept as my submission to the contest although mine doesn’t include the fancy music. The same short coming exists for both, wanted robo calls can not make it through. (the dentist reminding you of your appoinyment).

  20. Simple 3 step solution for robo calls.

    1. Dial a number that is no longer in service.

    2. Record the tones and message you receive.

    3.Place this as your voice mail message
    and at the end, add your real voice mail message.

    The robo computer thinks it is no longer a valid number
    when it hears the tones and disconnects.

    Robo discards the number.

    Now, you are no longer in their database.

    Just make sure friends and family are aware of this
    and not to hang up until they reach your real voice mail message.

    It works for me and it is cheap. $0.00

      1. It works. I used to have the “this number has been disconnected” message on my answering machine in the 1990’s and everyone I knew knew about it so I only got messages and eventually any calls at all from people I wanted to talk to.

  21. For those suggesting getting rid of the trusty old land line, it might be good to remember that land lines are the safest phones to talk on if you want your conversation to be private (unless you’re using a cordless land line, in which case you might as well shout your conversation from your roof), and I mean safest from a surveillance perspective. No warrant is necessary to listen to cordless/cell calls since you’re broadcasting them all over the place but a warrant IS required to listen in on a land line.

    Then there’s the cell network outage problem (it only happens when you REALLY need to use your cell, of course), and finally I rarely if ever get robocalls on my land line (playing the “We’re sorry, this number has been disconnected or is no longer in service…” message I recorded after calling my old number once I’d disconnected it still works, apparently) but I am constantly blocking new ones from my cell.

    Oddly enough, the number of robo calls on my cell spiked after I my number was added to the Do Not Call list (which should be renamed the “Verified Suckers List”). I sure feel like a sucker for signing up, anyway.

  22. There’s a lot of companies that use automated messages my vet reminds me of appointments, my electric company lets me know when my auto payment goes through, and my city lets me know about bad weather. Can these be given special permissions or something?

    1. Hi Nandom,

      In the video I talk about the second half of my solution allowing legitimate robocalls through via two methods: the keep-alive white list system for internet-connect users, and
      blind dial code authentication for localized users. You can see it at 54 seconds into the clip.

      Hope that helps.

      – Alex

  23. Problem solved, all telco’s create a system where you key a code into your phone while on the call that allows them to charge the caller $5 or so on their bill if a set threshold of charges is reached (say 100 or so).

    then all everyone needs to do is key that code when a telemarketer calls them

  24. I dont think I have had a robocall to remind me of anything, ever. Places normally text about that sort of thing.

    As for the network crapping out when you need it, have another phone on a different network perhaps?

    I seldom bother even calling people on their landlines, since you are calling a place and not a person and chances are they are not at that place. Infact most people know the best way to get intouch with me now is on facebook messenger since that will pop up on every device, and is more reliable than skype.

  25. ChuckT is right. Some humans from the robocall center will listen into the calls and send the tones neccessary. Having said that – a lot of people would have to be using this system for it to be standard for all robocallers to know how to overcome it.
    Still worth while IMO. I’ve got a car alarm, a house alarm, a bike lock. None of those things stop your house getting broken into or your car and bike lock being stolen…..we’ve all got them though and they provide some level of security from more opportunistic, less sophisticated criminals….which some robocallers are.
    And it’s on the Pi. Don’t forget the Pi :)

  26. Nice idea but it may cause problems for some real people. In the example of its use I couldn’t make out the first of the four digits of the sequence even after listening to it twice.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.