Last week in CXTech Week 12 2021 News and Analysis I covered that Christopher Brown, a TADSummit Americas 2019 presenter, has just launched Okey Monitor. They monitor out-of-band communications such as your routes and carrier settings. If a malicious event takes place, they’ll alert you through alternative forms of trusted communication. They also offer this service wholesale through an API.
An attacker does not need to SIM swap you, the attack where hackers trick or bribe telecom employees to port a target’s phone number to their own SIM card. In this Vice article, the hacker used a service from a company called Sakari, which helps businesses do SMS marketing and mass messaging, to reroute messages to himself.
It works like this: resellers fill out a Letter of Authorization (LOA), which tells their wholesale carrier that they have the rights to a number, and the wholesale carrier trusts that the LOA is reliable. SMS messages meant for you could then be rerouted to a different number, and you would have no way of knowing it had happened. With a SIM swap you can see that service to your phone has been interrupted, whereas this new SMS rerouting hijack is invisible to the victim. This article discusses it in more depth.
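An added example of the kind of out-of-band check this calls for (not Okey Monitor's code or API): it compares periodic routing lookups for a number, flags the case where the SMS route changes while voice service does not, and picks a non-SMS channel for the alert. The `Snapshot` fields, provider names, numbers and contact records are hypothetical, constructed data, and treating a voice-carrier change as a port is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Snapshot:
    """One routing lookup for a watched number (hypothetical field names)."""
    ts: str             # lookup time, ISO 8601
    number: str         # E.164 number
    voice_carrier: str  # carrier serving voice for the number
    sms_route: str      # provider currently receiving the number's SMS

# Constructed sample data: fictional 555-01xx numbers and provider names.
SAMPLE = [
    Snapshot("2021-03-20T09:00Z", "+12025550101", "CarrierA", "CarrierA"),
    Snapshot("2021-03-20T09:00Z", "+12025550102", "CarrierB", "CarrierB"),
    Snapshot("2021-03-21T09:00Z", "+12025550101", "CarrierA", "ResellerX"),
    Snapshot("2021-03-21T09:00Z", "+12025550102", "CarrierC", "CarrierC"),
    Snapshot("2021-03-22T09:00Z", "+12025550101", "CarrierA", "ResellerX"),
]
CONTACTS = {"+12025550101": {"sms": "+12025550101", "email": "owner@example.com"},
            "+12025550102": {"sms": "+12025550102"}}

def pick_channel(contact):
    """Return a channel that does not rely on SMS, or None if there is none."""
    return next((c for c in ("email", "push") if c in contact), None)

def detect_changes(snapshots, contacts):
    """Compare each lookup with the last known state for the same number."""
    last, alerts = {}, []
    for snap in sorted(snapshots, key=lambda s: s.ts):
        prev = last.get(snap.number)
        last[snap.number] = snap
        if prev is None:
            continue  # first sighting becomes the baseline
        sms_moved = snap.sms_route != prev.sms_route
        voice_moved = snap.voice_carrier != prev.voice_carrier
        if sms_moved and not voice_moved:
            kind = "sms_reroute"     # texts moved, phone service untouched
        elif voice_moved:
            kind = "carrier_change"  # assumed port: voice service moved too
        else:
            continue
        alerts.append({"ts": snap.ts, "number": snap.number, "kind": kind,
                       "sms_route": (prev.sms_route, snap.sms_route),
                       "notify_via": pick_channel(contacts.get(snap.number, {}))})
    return alerts

if __name__ == "__main__":
    for alert in detect_changes(SAMPLE, CONTACTS):
        print(alert)
```

A `notify_via` of `None` means the only contact on file is the number being watched, so an alert sent there could itself be rerouted.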
In this video you get to meet Chris and Lucky of Okey Systems, understand the history of how they discovered the problem of SMS rerouting, and learn why they’re helping the industry resolve it.
The US regulator is biased towards the incumbents. Look at how STIR/SHAKEN is implemented, the failure of local loop unbundling, the overcharging of American mobile phone consumers by 2-3 times their western peers, and the duopoly of A2P SMS interconnect that tyntec tried to break; even successes like number portability are because it was desired by the incumbents. SMS was always the poor cousin of voice, relying on the CTIA. In my opinion there should be a regulated database, not this loose association of FOCCCers (Friends of the CTIA/FCC).