The use of telephone communications to deceptively extract sensitive personal or confidential information from a victim, or to deceive a victim into installing malware that enables breaches into an organization’s digital infrastructure, has led to significant financial losses and security compromises to consumers, corporations, and government organizations. A recent study by the Ponemon Institute reported that 67% of Global 2000 organizations had a data breach originating from employees’ mobile devices, and an average enterprise spends up to $16.3 million per year to investigate, contain, and remediate such attacks. With over 50,000 mobile devices in use at the average Global 2000 company, malicious attackers are presented with diverse entry points into the corporate digital infrastructure. Government agencies face additional risks with the potential for compromising national security. A real-world example is the incidence of 28 fake distress calls that sent the Coast Guard scrambling off the Maryland coast, resulting in $500,000 in wasted taxpayer dollars and the diversion of precious resources away from real emergencies. From a consumer perspective, roughly 27 million American adults reported losing $7.4 billion to phone scams in 2015 alone. Currently the average American adult receives 15.8 scam phone calls per month, and the Federal Trade Commission reports that 77% of its fraud complaints involve phone calls. Average losses vary by the type of scam, with sophisticated scams like the IRS scams averaging over $5,000 in losses per victim. A common element of these attacks is the attacker’s ability to leverage weaknesses in authentication capabilities of modern telephony systems and to deceptively assume a trusted identity.
With the simplicity of caller ID spoofing and the growth of VoIP calling, attackers can spoof any desired caller ID, change their caller ID for every call, and place millions of VoIP calls around the world simultaneously, all while enjoying the protection of being nearly untraceable.
To counter such threats, the US Department of Homeland Security (DHS) has several efforts underway to lower the risk and the impact of potential attacks, including efforts to protect government employees’ mobile phones from attack or breach. One such R&D effort is currently underway at Illuma Labs LLC, supported by the DHS Science and Technology Directorate’s Cyber Security Division under a Small Business Innovation Research contract. We at Illuma Labs are working on developing an innovative real-time authentication system that leverages advanced audio signal processing and machine learning techniques to determine the legitimacy of an incoming call. This will be the first authentication system of its kind available to end users outside of an enterprise call center setting, and is expected to find broad use across government, corporate, and consumer sectors to protect against the growing incidence of fraud, scams, vishing, and data breach attacks.
Illuma Labs was founded in early 2016 with a focus on software R&D and consulting services for intelligent systems, leveraging expertise in signal processing and machine learning techniques. We aim to bring advanced analytical and decision making capabilities to a wide range of end equipment, enabling them to understand their environment and to intelligently decide on the best course of action. We have extensive experience designing intelligent systems algorithms and software that have been successfully commercialized across a variety of applications spanning consumer, telecom, industrial, and military end equipment.
In early 2017, we started looking for co-working locations in North Dallas that would offer our company scalable workspace and direct access to the entrepreneurial ecosystem. We didn’t have to look beyond the Addison TreeHouse. With regular events and speakers, access to mentors, advisors, investors, and the Addison Economic Development Department, and a clean, energetic workspace, the TreeHouse is the perfect place for Illuma Labs to grow. We are excited to join the TreeHouse community and to do our part in helping DHS protect our nation against cyber-attacks.
The Economic Risk of Confidential Data on Mobile Devices in the Workplace. Rep. Ponemon Institute, Feb. 2016. Web.
Coast Guard Seeks Serial Hoaxer Whose Calls for Help Cost $500,000. Rep. FOX NEWS, 25 July 2016. Web.
"27M Americans Lost Approximately $7.4B in Phone Scams Last Year." Truecaller Blog. Truecaller, 29 June 2016. Web. 03 Oct. 2016.
"Beware of Voice Phishing—or “Vishing”—Calls." Blog post. Voice Phishing. Office of Minnesota Attorney General Lori Swanson, n.d. Web.
The State of Phone Fraud 2014-2015: A Global, Cross-Industry Threat. Rep. Pindrop Security, 2015. Web.
Hoffman, Karen Epper. "DHS Working to Protect Emergency Call Centers against Denial-of-service Attacks." Blog post. GCN, 24 Oct. 2016. Web.