no mo robo???

i've been plagued with robo-calls for about 6 months. it took a few minutes to figure out the first time i got one of these calls that i was talking to a machine. the machines do a fairly adequate job of carrying on a conversation, but if you are paying attention, you can figure out it's not a real human. once i figured out that it was a machine it was easy to get rid of most of them using their menu option for "do not call" or answering questions by saying "do not call". i finally got the number of machines down to one, and i could tell by the area code and exchange that it was the same machine (they kept rotating the last 4 digits to keep from getting blocked) calling me every day. so, i did some research into what software they were using, and found the software packages combine speech recognition and an SQL database. combining speech recognition and SQL? what could possibly go wrong???? so, i tried the following phrases to answer questions:
"semicolon drop table names semicolon"
"semicolon drop table campaign semicolon"
"semicolon drop table calls semicolon"

i haven't had a robo-call since. i don't know whether i actually broke the bot, or just freaked out a human operator that was listening while the bot made calls, but i have not been called by the bot since then. robo-calls to sell you something or to gather personal information are illegal in the USA, and some of these bots ignore "do not call" lists and spoof their caller ID data to bypass blocking.

as a bit of explanation how this works, is, if as an input to an SQL database a semicolon is inserted, what comes after the semicolon is a command, and the second semicolon finishes the command. this is called SQL injection. there are a few well known examples of this type of messing with a database, the first is this cartoon, another example is this crazy license plate, and a computer security company registered this company name. that it might work with speech recognition was a guess made in frustration. so, a guess there might be a table called "answers" or "calls" is kind of obvious, and the table name of "campaign" was based on an open source version of a robo-call bot.

that's great another point for the good guys!!! ill be sure to keep that in mind next time they call

.... my only solution so far has been to hammer them with return phone calls with my auto dialer (a google play app) until they turn their phones off and go for lunch or rotate the number

What kind of robo calls do you get wher eit actually talks to you instead of just playing a pre-recorded message?

Some times I get a call where there is a message and place for me to record a message back. I placed the phone on top my radio and turned up the volume. A realtor friend told me that his machine has 30 minutes of recording memory. Most messages are very short. "cal me at #### ". His machine; he must listen all the way to the end of the last message before he can delete all the messages. I am now off the calling list.

The new machines now; the computer talks to me and if I like the product then I will connect me to a live operator. The phone rings and rings until they find a live person to talk. I now talk to them about any thing just to use up their time. I got one to stay with me for 30 minutes. I told him that was a new record. He said "!@#^%$*&^)(*&_*(" for about 5 minutes.

Not heard of robo calls before but like the idea of sql injection. I still get cold calls from India trying to sell me medication. I've tried everything, I now ask them to hold while I answer the door. One held over 10 minutes.

Mike.

If it's a live caller "spam call" here in the UK, I usually quote the Communications Act 2003 section 127 & remind them it is a criminal offence to make knowingly false or annoying phone calls.
https://www.legislation.gov.uk/ukpga/2003/21/section/127

Few ever call back.

I will try the SQL stuff on any future automated calls!

[One guy I know has a novel way of dealing with live callers - he says "yes" in answer to everything, no matter what the question or comment, using a very flat voice and drawing out the word.. He says he's had them start to panic before now, it's too far off their scripts and experience to cope with.]

the robo-calls i was getting was a bot that seems to be able to carry on a conversation. the introduction is something like "hi i'm Nancy calling on a recorded line"... the "calling on a recorded line" bit seems to be common to this type of bot. first they ask if you can hear them ok, and if you don't answer "yes" the bot hangs up. if you answer yes, the bot begins answering a series of questions, and this seems to be where the SQL database is interpreting answers. too bad this year's DEFCON conference is over, this would be a really good research project for a DEFCON talk.

I so wish one of these bots would ring me so I could experiment.

Mike.