by cartoonworld 2405 days ago
I agree with you if you are saying Telcos have no economic incentive to take any security posture for their customers. Regular users cannot fathom that the service they pay for is somehow able to be manipulated and that their communications can be redirected arbitrarily without legal order via technical means.

It is known that there are security issues with SS7 specifically [0][1][2], and the global telecom network was, it seems, never secured. I would conjecture that there are some other problems with mobile phones [3], some of which we are not aware of.

I also am in lock step with your claim that this should not be surprising.

Telcos are indeed not paid for security. The security of the telephone network must not be counted on. In fact, military and government business must often be executed on special non-public phone exchanges or SIPRnet. Telcos do not offer any security guarantees, and are rather obstinate toward any demands such as this. Negotiating a more secure service is impossible.

> So it is rather odd to hold telcos responsible for the failure of some security mechanism they were never part of.

It is certainly not odd. If the general public wakes up and their assigned phone numbers are meaningless, all of their customers will be unhappy; it simply wouldn't pass the sniff test of a 6-year-old.

However, there is positively no incentive for anybody to shop for security in this space. Few living people believe or can even fathom that there could be a problem with using their phones in this manner. Despite the public fraud [2] that has been enabled by the telcos' apparent lack of any security engineering, the market is not providing any security mechanisms for this, I would imagine in part due to the concessions on interoperability made during the development of these global telco protocols.

There appears to have been zero work done on the security of this critical system. Customers do not recognize any possible threats, telcos have no interest in improving their networks in this regard, and the US government has developed a nickel allergy towards telco regulation in the 30 or 40 years following the 'Bell' conclusion. Finally, telcos don't care to change, and if they did there would be decades-long disputes regarding implementation.

No, it is wholly unsurprising to find an entrenched, obstinate partner in this field.

[0] https://www.schneier.com/blog/archives/2014/12/ss7_vulnerabi...

[1] https://simjacker.com/downloads/technicalpapers/AdaptiveMobi...

[2] https://arstechnica.com/information-technology/2017/05/thiev...

[3] https://www.schneier.com/blog/archives/2016/09/leaked_stingr...