undefined | Better HN

0 pointsHeatrayEnjoyer2y ago0 comments

If it's authenticated how can one telco sign a call with the key of another telco?

0 comments

There is (or was) no authentication within the core of the public switched telephone network, since it was designed at a time when that was impractical and physical infrastructure was assumed to be reasonably secure. So you don’t need to fake signing, you just say “Hey, +1-555-555-5555 roamed onto my network and is making a phone call” and the recipient takes this at face value. (“Blue boxing” to fake the phone system into giving you free long distance phone calls worked for similar reasons.) STIR/SHAKEN is supposed to fix this, though I don’t know how far along implementation has actually gotten.

HeatrayEnjoyerOP2y ago

What happened that made it insecure?

I've heard of stir shaken but I recall FCC ordered it mandatory multiples years ago. Did that not happen?

xorcist2y ago

They let untrusted people in on the trusted network, basically. Telcos are no longer considered national security. Privatization has given us a cheaper and better communication, but security hasn't always kept up.

The authencation above is between the terminal and the location registry (simplified, there are several other components involved). Not internationally between the telcos.

j / k navigate · click thread line to collapse