i've been plagued with robo-calls for about 6 months. it took a few minutes to figure out the first time i got one of these calls that i was talking to a machine. the machines do a fairly adequate job of carrying on a conversation, but if you are paying attention, you can figure out it's not a real human. once i figured out that it was a machine it was easy to get rid of most of them using their menu option for "do not call" or answering questions by saying "do not call". i finally got the number of machines down to one, and i could tell by the area code and exchange that it was the same machine (they kept rotating the last 4 digits to keep from getting blocked) calling me every day. so, i did some research into what software they were using, and found the software packages combine speech recognition and an SQL database. combining speech recognition and SQL? what could possibly go wrong???? so, i tried the following phrases to answer questions:
"semicolon drop table names semicolon"
"semicolon drop table campaign semicolon"
"semicolon drop table calls semicolon"
i haven't had a robo-call since. i don't know whether i actually broke the bot, or just freaked out a human operator that was listening while the bot made calls, but i have not been called by the bot since then. robo-calls to sell you something or to gather personal information are illegal in the USA, and some of these bots ignore "do not call" lists and spoof their caller ID data to bypass blocking.
as a bit of explanation how this works, is, if as an input to an SQL database a semicolon is inserted, what comes after the semicolon is a command, and the second semicolon finishes the command. this is called SQL injection. there are a few well known examples of this type of messing with a database, the first is this cartoon, another example is this crazy license plate, and a computer security company registered this company name. that it might work with speech recognition was a guess made in frustration. so, a guess there might be a table called "answers" or "calls" is kind of obvious, and the table name of "campaign" was based on an open source version of a robo-call bot.
"semicolon drop table names semicolon"
"semicolon drop table campaign semicolon"
"semicolon drop table calls semicolon"
i haven't had a robo-call since. i don't know whether i actually broke the bot, or just freaked out a human operator that was listening while the bot made calls, but i have not been called by the bot since then. robo-calls to sell you something or to gather personal information are illegal in the USA, and some of these bots ignore "do not call" lists and spoof their caller ID data to bypass blocking.
as a bit of explanation how this works, is, if as an input to an SQL database a semicolon is inserted, what comes after the semicolon is a command, and the second semicolon finishes the command. this is called SQL injection. there are a few well known examples of this type of messing with a database, the first is this cartoon, another example is this crazy license plate, and a computer security company registered this company name. that it might work with speech recognition was a guess made in frustration. so, a guess there might be a table called "answers" or "calls" is kind of obvious, and the table name of "campaign" was based on an open source version of a robo-call bot.