top | item 42472198

(no title)

As someone who's worked in the wireless messaging / telecom industry, the "Salt Typhoon" news came as absolutely no surprise. The major U.S. carriers don't have the capacity or talent to deal with the more mundane threats of spam and scam calls / texts on their network, much less attacks by state-sponsored actors. For instance, there are only a handful of people (i.e., fewer than 5) who work in the wireless messaging (SMS, MMS, RCS) group at each carrier, and while well-intentioned individuals, there is a profound mismatch between their skills and capabilities and the responsibility of managing these telecom channels with massive consumer penetration (compare the 1000's of highly compensated engineers working at WhatsApp, FB Messenger, etc.)

And there's no incentive for the carriers to care. Sure, they get yelled at by Congress and the FCC every now and again, but since they're all roughly in the same boat there's zero competitive advantage for them to invest the tens of millions of dollars+ it would take to build out their security capabilities. Their lobbying arm, the CTIA, is funded by tens of millions of dollars in short-code messaging fees and they have bought an iron grip on the FCC and relevant Congressional committees that ensures any enforcement effors are only a wrist slap. Consumers also largely don't seem to care.

So until something dramatic happens, you should assume that voice and messaging traffic flowing through the U.S. wireless carriers is completely exposed.

discuss

No comments yet.