CXTech Week 15 2023 News and Analysis

The purpose of this CXTech Week 15 2023 newsletter is to highlight, with commentary, some of the news stories in CXTech this week. What is CXTech?  The C stands for Connectivity, Communications, Collaboration, Conversation, Customer; X for Experience because that’s what matters; and Tech because the focus is enablers.

You can sign up here to receive the CXTech News and Analysis by email. Please forward this on if you think someone should join the list. And please let me know any CXTech news I should include.

Covered this week:

  • Toku has acquired Activeo Singapore
  • March RTC Security Newsletter
  • Big Tech’s big downgrade
  • Sinch appoints Laurinda Pang as CEO
  • Banks hit with biometric fraud, fake mobile driver’s licenses
  • Remitly for Sending Payments to Nigeria
  • FBI comes right out and says it: Don’t plug your phone in at airports
  • People, Gossip, and Frivolous Stuff

 Toku has acquired Activeo Singapore

In 2022 Toku announced their contact center service. They initially positioned as a CPaaS, given 8X8 bought Wavecell for $125M in 2019. But were unlikely to see such valuations repeated. Then they focused on the Microsoft Teams opportunity in Asia as the ‘calling bit’ is quite complex compared to North America. And then announced their contact center solution in 2022. Delivering programmable communications across UCaaS, CPaaS and CCaaS. As I said in this article, it’s all just programmable communications.

This latest move adds workflows and implementation processes around their comms platforms. Toku has about 80 people and Activeo is about 66 people. We’re entering an interesting phase in programmable communications. The large enterprise comms / network / IT providers, e.g. Cisco and Microsoft have the momentum of incumbency and ecosystem. RingCentral focuses on packaged solutions to specific verticals and channels, e.g. through carriers; similar to how Twilio packages its solutions, e.g. FLEX through local integrators.

And around these giants lots of providers focus on segments, e.g. Sangoma delivers a broad and straight-forward package of enterprise comms solutions. In Asia enterprise UC/CC has often been a tough sell, the mobile phone is often considered good enough, making an incremental $15 per seat per month UCaaS charge a hold-point. However, the focus of Toku/Activeo is more on the contact center. Across Asia there’s much more variety of implementations emerging as messaging grows in acceptance, compared to traditional voice for customer care. So Toku / Activeo will be interesting to watch as they navigate the complex and diverse Asian markets.

Companies like and Qiscus are examples of APAC chat companies leading the charge were once voice dominated in enterprise communications. Enterprise communications continues to evolve, just without all the M&A hoopla of the pandemic.

March RTC Security Newsletter from Sandro Gauci

The big news was the 3CX Phone Client turned into a trojan. Sandro’s newsletter provides a good review.

TADSummit Special: The EU Cyber Resilience act

The CRA (Cyber Resilience Act) is new legislation that is coming to the EU that enforces a certain level of security for products in the market. Sandro and Olle E. Johansson, were invited to talk about how this relates to the IP Communications world. The session was split as follows:

  1. Olle first gave an excellent introduction about the Cyber Resilience Act.
  2. Sandro presented my mindmap which shows VoIP & WebRTC vulnerabilities in relationship with the CRA’s requirements.
  3. Olle gave a presentation of how this all applies to IP Communications.

It was not a short session and packs a lot, taking an hour and a half in total. If you are involved in VoIP and IP Communications, then you should be interested in the CRA – please do watch the whole thing.


VoLTE and 5G RCE in Samsung and Pixel phones

The Google Project Zero team have published an advisory on 18 vulnerabilities in Exynos Modems (chipset) produced by Samsung Semiconductor. These vulnerabilities affected Voice-over-LTE (VoLTE) component of the modems. Based on a cursory analysis of the public advisories, it looks like the security researchers found vulnerabilities in the following areas:

  • the decoding of the following types of 5G Mobility Management protocol messages (IEIs):
    • Emergency number list
    • Extended emergency number list
    • Operator-defined access category definitions
    • Service Area List
    • Extended protocol configuration options
  • processing of SDP (session description protocol) for the following:
    • video resolution attribute
    • video configuration attribute (2 vulnerabilities reported here)
    • RCS chat
    • accept-type attribute

Big Tech’s big downgrade

Google, Amazon, and Meta are making their core products worse — on purpose

For example the “junkification of Amazon”. I returned several darn tough socks my wife bought for Christmas from Amazon, because they were fake. Google’s search results are increasingly lists of sponsored content. I understand why some claim ChatGPT is the new search as it makes answers obvious, even though they are often partially incorrect, however, it’s working out which is the wrong bit that’s the challenge.

I really like this quote, “the half-assed pivots from the likes of Microsoft, Meta, and Google are trying to graft unproven or nonsensical technology onto their products for the short-term stock boost. Instead of thinking about what’s best for the user, the fad-chasing is creating Frankenstein tech that makes no sense.” That’s where we are today in search, a problem of their own making, being corrected by something that makes the product even worse.

It reminds me of the silliness we saw at MWC last month, which I reviewed in CXTech Week 9 2023. The telecom industry making nonsensical claims and repeating the mistakes of the past. Is this the trend for the next decade, the crapification of the consumer experience. For example, paying subscription fees for things that were once simply included in the price of a car. Or learning how to use prompts and multiple search criteria to get to the information once presented in a straightforward manner. Now TMO has bought Mint Mobile, I am worried about what is going to happen to them. It was such a beautifully simple offer.

Sinch appoints Laurinda Pang as CEO

Laurinda Pang replaces Johan Hedberg, who currently serves as interim CEO, on April 17, 2023.

Laurinda Pang joins Sinch from a recent position as President, Global Customer Success, at Lumen Technologies. Beyond global responsibility for Lumen’s enterprise customer success organization, the role included full P&L responsibility for the company’s International operations and carrier relations, which together employ more than 4,000 people and generate annual revenues of USD 12 billion.

Prior to this, Ms. Pang has held leadership roles spanning Sales, Operations, Strategy, Human Resources and Investor Relations at CenturyLink, Level 3 Communications and Global Crossing. She has designed and implemented several enterprise-wide transformational change initiatives and has played a pivotal role in the successful integration of multiple acquired businesses.

Laurinda brings significant carrier aggregator experience. Which is the crux of the dichotomy aggregators face, innovate like Twilio, or aggregate like a carrier. And given carriers are increasingly getting back into the A2P business it’s an interesting time, as in the alleged Chinese curse, may you live in interesting times.

The OneAPI 2.0 silliness is unlikely the affect the aggregators, they’ll simply play along with whatever the GSMA deems the latest and greatest. Its politics, not business. For all other businesses, don’t bet on OneAPI 2.0.

Banks hit with biometric fraud, fake mobile driver’s licenses

In Louisiana, a man on probation for multiple counts of bank fraud added to his tally, using a state-issued mobile digital driver’s license app to open accounts at as many as nine banks and credit unions. Robert Lee Daniel III also secured a $41,844 loan to purchase a pickup truck, lied about his income, and deposited thousands of dollars in fraudulent checks.

In India, insufficient biometric data also led to vulnerability in the Aadhar system maintained by India’s Unique Identification Authority of India (UIDAI). IDs created without face biometrics matching allowed criminals to generate multiple IDs with the same photo, using fingerprint data acquired from authorized agents.

A dozen bank accounts were opened with fake Aadhaar cards all bearing photograph of the same person, Delhi Police discovered.

In September 2022, the UIDAI announced that it was adding a liveness detection feature to Aadhaar to detect real fingerprints and fake silicon copies. But police in Delhi found that the system also failed to differentiate live fingerprint biometrics from silicon copies provided by the agents. Furthermore, its iris scan verification tool could not recognize colour printouts provided instead of actual eyes.

Identity verification will remain a significant challenge, and hence opportunity in programmable communications.

Remitly for Sending Payments to Nigeria

I’m often sending cash prizes to parts of the world where ‘princes’ find themselves temporarily strapped for cash 😉 I have had some funny conversations with Western Union agents checking I’m not a sad old man being conned. Given the restrictions on transfers to Nigeria, I’ve found Remitly surprisingly easy. Easier than Wise or Western Union.

FBI comes right out and says it: Don’t plug your phone in at airports

So called “juice jacking”. I’ve never charged my phone on an anonymous USB cable, ever. Though I have plugged my charging cable into the USB port on a plane. It’s possible the plane’s entertainment system could get hacked. Though hotels / trains are more likely to get skinned like credit card readers. Though the economics do not seem as attractive as with credit cards.

People, Gossip, and Frivolous Stuff

Jaime Casero joins Fernando Mendioroz at 1NCE as a Senior Cloud Solution Architect. They worked together at Telestax many years ago. Its great they’re working together again 🙂

Neil Stratford has left Speechmatics and is now thinking about what next at the intersection of RTC and AI.

Kampamba (Kampsy) Chanda has joined YGO ( based in Berlin, as a Software Developer with Focus on the Frontend. Kampsy took part in TADHack Global 2021.

 John LERUSTE is now a Cyber Security Consultant at CS Novidy’s.

Preston Gilmer is now Director, Product Development Lifecycle (PDLC) at Optum, a health care provider. I’ve known Preston for over 20 years, all the way back to Sigma Systems.

Upekha Atupola is now a PHD Candidate at University of South Australia.

Eloy Coto Pereiro is now Principal Software Engineer at Red Hat.

Graham Wallington is now Chief Business Officer at NatureEye.

Sean Heiney has left Signalwire.

You can sign up here to receive the CXTech News and Analysis by email.