Read the story. Notice that the call came from an unknown number, and the scammer was playing the role of a kidnapper calling from the kidnapper's phone, and the "authentication" was the daughter's faked voice. There's nothing the telecom system could have done about that. This particular attack circumvented any possibility of "telecom security" being useful. And if "telecom security" gets better, there's more incentive for scammers to keep finding ways to make it irrelevant.

If you want a technical solution, you have to demand that a person always contact you from their own device as "2FA", or at least that they some kind of 2FA device on them... except there are a billion ways that somebody might lose access to such a device when they were in genuine trouble, and scammers are totally capable of making it look like one of those scenarios has happened.

You're really down to the point where people have to do "mind to mind" authentication with shared secret knowledge... while under extreme stress... in a case that's uncommon enough that most people will not have practiced it.

This is not so great.

This is just what GP called "modern street smarts". People won't keep getting fooled like this for long. Just like people had to learn to stop trusting everything they heard on TV, and learn to stop trusting every pop-up on every website. We will develop new habits, such as what you call "mind to mind authentication" or verifying through a separate trusted channel.

So, here's the thing: I have a 15 year old daughter. If she were actually snatched by a kidnapper and threatened with rape/murder/whatever, I am not absolutely sure that she would remember and execute a "code word" protocol. Especially not a protocol that had the extra measures to help keep it from being subverted in various ways, but maybe not even a very simple protocol.

Not sure enough to feel really comfortable betting her life on it, anyway. Not if we hadn't drilled it on a daily basis for weeks and a weekly basis for months.

It's easy to blank on things when you're adrenalized, say if you've been kidnapped. And it's also easy to blank on things when you're adrenalized because you are hearing the person's voice saying they've been kidnapped.

... and if I asked a scammer pretending to have kidnapped her to let me call her on her phone, I would expect to get the obvious reply: "I threw her phone away. I'm not dumb enough to let you track me/her/us through it". Which is totally credible because that's what a kidnapper should do.

When you get the call, the strong prior probability is that the whole thing is a scam, but that's not so easy to hold onto in a situation like that. And even if you do hold onto it, you will be scared.

Oh, and on edit: Yes, I expect I would keep it together enough to call her on her phone to check, since if she hasn't been kidnapped there's nothing stopping her from answering it. I don't know if I'd expect that of others. But it's also true that if I call her, and nothing is actually wrong, I still expect about a 50-50 response rate because she doesn't hear the thing, has it on mute, or is in school and forced to keep it in her locker, or has let the battery run down, or whatever.

If millions of people start getting fake kidnapping calls every day, then I'm sure we will stop falling for it quite soon. There's a limit to how many days in a row you will keep sending money to every random AI-empowered guy calling to convince you he has taken your daughter, only for her to return home from school like normal just a few minutes later.

I don't think it will be long before video and audio is no more convincing than text is now. We will stop falling for the AI scams, just like we (most of us) stopped falling for the Nigerian princes, scam ads/virus popups on the web, and those fake emails from family members claiming they need us to wire money so they can pay for a flight home or whatever. Basically, my thesis is that people will start to get wise to any scam that is sufficiently common and harmful.

Real kidnappers might have to learn to work to convince the families that the kidnapping is real and not just another scam.

Or maybe everyone should define and share in a very personal circle a "proof word" when in distress. Our family has already done so.

And what happens when someone surfaces a video of you spouting off racial slurs or running down a street naked, generated literally with a simple text prompt? Do you think your employer, colleague, or even spouse will take the repetitional risk of sticking around even if the video is completely AI-generated?

Every piece of communication will have to be signed to verify authenticity.

Camera makers are already looking into embedding authentication technology at the hardware level.

It's an inevitability.

All a digital signature can prove is possession of a secret, it can't prove that some process was followed in generating an image.

It's impractical to have authenticity enforced by millions of consumer devices. If any random manufacturer in a third-world country can generate millions of valid signing keys to be embedded in millions of cheap phones or cameras, then there are many employees there that can also leak a bunch of valid keys if the price is right, and these keys can sign anything in a way that's indistinguishable from all these cheap cameras. And if you revoke the signatures of any "untrustworthy" manufacturers (really, any manufacturer can be and will be compromised, especially if some governments want to manufacture propaganda), then people won't stop using the phones/cameras just because their signatures aren't considered kosher, you'll still have millions of people uploading genuine, valid images from these cameras, so either people will have to trust invalid signatures or refuse lots of benign content, and I'll bet most people will choose the former one.

And of course a camera doesn't know if it's taking a picture of reality or another picture - it would take a relatively simple optical setup to allow any camera to record (and sign) an image off of another screen, so if some authenticity-verification system was actually working and popular, any reasonable criminals would do it and have signed recordings of their deepfakes from a real major brand camera.