maltalex | 21 days ago

The problem isn't the back door. Every telecom company in every country provides access for "lawful intercept". Phone taps have been a thing for decades and as far as I know, require a warrant.

The problem is that telecoms are very large, very complex environments, often with poor security controls. Investing in better controls is hard, time-consuming and expensive, and many telecoms are reluctant to do it. That's not great since telcos are prime targets for nation state hackers, as Salt Typhoon shows.

Hacking the lawful intercept systems is very brazen, but even if the hackers didn't go as far, and "only" gained control of normal telco stuff like call routing, numbering, billing, etc. it still would have been incredibly dangerous.

forgotaccount3|21 days ago

> many telecoms are reluctant to do it.

This really buries the lede. Telecoms are reluctant to do it because 'doing' it isn't aligned with their priorities.

Why would a telecom risk bankruptcy by investing heavily into a system that their competitors aren't?

If you want a back-door to exist (questionable) then the government either needs to have strong regulatory compliance where poor implementations receive a heavy fine such that telecoms who don't invest into a secure implementation get fined in excess of the investment cost or the government needs to fund the implementation itself.

maltalex|21 days ago

Yes, telecoms should be forced to invest in their own security if they're not doing it. But the focus on the back door misses the point in my opinion. Even if the back door wasn't there, you wouldn't want nation state hackers anywhere near telecoms since they're critical infrastructure.

ddtaylor|21 days ago

The problem is the back door.

Decentralized systems don't have the same faults.

Just because you want to force a structure or paradigm doesn't absolve it of responsibility for the problem.

Hand waving the problem away because a company is bad at management or scale doesn't change anything.

KaiserPro|21 days ago

You are both confusing two issues.

Yes, there is a lawful intercept system that operates inside telecoms networks; that is an issue.

The other issue is that there is no real security inside said telecoms networks. (side note, there is still fucking SS7 floating about)

Salt Typhoon is not "just hijacking lawful intercept"; it's the ability to fuck with the network in a way that is largely undetected. Sure the intercept stuff might help, but they don't actually need that. In the same way we learnt about state actors taking complete control of Middle East telecoms systems, we can be fairly sure that other state actors have taken control of USA telecoms systems.

Both the Executive and Congress have done shit all about it, and will continue to ignore it until something happens.

maltalex|21 days ago

Even if the back door wasn't there, you wouldn't want nation state hackers anywhere near telecoms since they're critical infrastructure. Telecoms should be highly secure. Period.