The purpose of this CXTech Week 27 2023 newsletter is to highlight, with commentary, some of the news stories in CXTech this week. What is CXTech? The C stands for Connectivity, Communications, Collaboration, Conversation, Customer; X for Experience because that’s what matters; and Tech because the focus is enablers.
You can sign up here to receive the CXTech News and Analysis by email or by my Substack. Please forward this on if you think someone should join the list. And please let me know any CXTech news I should include.
Covered this week:
- Mid year Review 2023: The BS in Telecoms is Too Damn High
- Tata Communications has bought Kaleyra
- Reinventing Telco – Innovating beyond technology
- June RTCSec Security Newsletter. Talks on VoIP security, WebRTC server-side attacks and WISH/WHIP
- Why (and How) Phone Numbers Will Outlast Phone Calls
- AWS exec downplays existential threat of AI, calls it a ‘mathematical parlor trick’
- Matthew Hodgson is interviewed by Ian King on Sky News about the Online Safety Bill
- SentryPeer is Released
- People, Gossip, and Frivolous Stuff
Mid year Review 2023: The BS in Telecoms is Too Damn High
There’s so much to cover this year. I avoided the silliness on WFH (Work from Home) and AI regulation. Rather, I focused on topics I think are important, yet do not receive enough attention across the industry. In the review I covered:
- The Rise of BS in Telecoms
- IETF Standards to Watch: mimi and vCon
- The Rise of SPAM / SCAM Awareness
- Interesting Newsletters and Events
- Open Source in Telecoms
- TADS, Making a Difference for over 10 years with no BS
What got me riled up was watching the TelecomTV session, ‘Why data and APIs are key to implementing the vision of the digital services provider’. I found the justification that telcos weren’t ready 10 years ago revisionist. Ideamart (a telco) was ready 10 years ago. Tens of aggregators were ready. Cloud is not a precondition, the market was ready ten years ago, and the need for universal collaboration is a telco industry anomaly that no other industry seems to need. We need to find a way to stop such utter BS being presented without recourse; it’s resulting in ever decreasing circles and no substantive progress for telcos in an important future line of business.
Tata Communications has bought Kaleyra
I was not expecting this: Tata Communications has bought Kaleyra.
It’s really the only locally politically acceptable choice, though $100M on $340M revenues looks crap. However there’s $300M+ in debt because of investor wheeler-dealing.
Now TCR (The Campaign Registry – a carrier appointed authority for most North American A2P campaigns) is owned by an Indian conglomerate, with an election year coming up. I wonder who Modi wants to win the US election?
That’s a hot potato I think Tata Communications will look to exit sooner rather than later. I discussed TCR in CXTech Week 23 2023.
Reinventing Telco – Innovating beyond technology
It’s the quote that annoyed me, “Telco saved us during Covid, but it has not changed the dial for the telco.” You know what my retort to such a statement will be.
Companies like Zoom offered their collaboration service for free to schools throughout the US. I remember my son’s elementary school music lessons over Zoom, it was painful, but at least the kids sort of played together.
Many local businesses offered zero touch or delivered to your car on arrival using Twilio’s programmable communications.
Throughout the pandemic I paid my monthly fixed and mobile subscription fees, as I have for the past decade for the decades old services of voice, messaging and internet access. Along with other utility bills such as water, gas, electricity and sewerage.
Telcos did not innovate during the pandemic, the programmable communications industry innovated. They enabled us to carry on living through the pandemic. Zoom became a verb, unlike Verizon, AT&T, PSE&G, NJ Water, or NJ Natural Resources.
As Socrates said, “know thyself is the beginning of all wisdom”, carriers must do the same; learn from history; and fund innovators not squeeze them out of business. Between the TelecomTV video and the framing of the Appledore research it’s no wonder telcos are living in ever decreasing circles.
June RTCSec Security Newsletter. Talks on VoIP security, WebRTC server-side attacks and WISH/WHIP
I made it into the newsletter with the article I referenced on the Mirai botnet from CXTech Week 26 2023. I’m not a security expert, but I do know security experts, and I’m proud I got a reference 🙂
This month’s RTCSec newsletter covers
- Kamailio World, CommCon and OpenSIPS summit presentations of interest
- Our own work especially on WebRTC and WISH (WHIP) security
- More open SIP relay attacks in the wild
- DDoS, botnets and VoIP
- RTC vulnerabilities and fixes in MacOS, iOS, WebRTC and more
Sandro’s summary of what happened at CommCon is great:
WebRTC & Video Delivery application security – what could possibly go wrong?
CommCon is a residential conference in the UK that happened during June, where we had the pleasure to present about WebRTC and video delivery security. The talk was split between providing a high level overview of vulnerabilities that may affect WebRTC infrastructure and actually diving into some of the details. In relation to WebRTC environments, we covered the following vulnerabilities in some detail:
- CVE-2022-0778: Denial of Service vulnerability in OpenSSL
- RTP Injection
- RTP Bleed
- RTP Flood
- TURN relay abuse
Following that, we then looked at the new WISH / WHIP video delivery protocol – how it inherits the security features of WebRTC infrastructure, as well as the same attack surface too. Finally we outlined potential security issues that may affect this signalling protocol and gave examples of our concerns. More on that in the next part of this newsletter!
Anyone wanting to stream the presentations from CommCon is able to do so by buying a CommCon streaming ticket: https://2023.commcon.xyz/live
The presentation slides are made public: https://www.slideshare.net/sandrogauci/commcon-2023-webrtc-video-delivery-application-security-what-could-possibly-go-wrong
And I’d like to draw your attention to this article in the newsletter:
Another Open Relay Scan detected by Kwancro’s honeypots
Our friend Ivan Nyarko published a new blog post about SIP open relay scans that are being detected through his honeypots.
The background story is that legitimate SIP servers were getting blocked by APIBAN, the free SIP blacklisting solution. That is when Ivan started suspecting that these servers were relaying attacker-borne SIP traffic. Historic data from the honeypots and a bit of investigation confirmed his suspicions. What then followed was further research and a very interesting article. Here are some of the highlights:
- legitimate SIP servers are being used for scanning SIP servers
- the pattern to detect such scans typically consists of multiple Via SIP headers and/or a SIP user-agent header that includes PolycomSoundPointIP
- he includes a list of vulnerable open SIP relay servers that were abused, which includes OpenSER, Ingate SIParator and OpenSIPS, Icewarp and Kamailio
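One way to turn the two indicators in the highlights above into a check over raw SIP requests, as an added example (not code from Ivan Nyarko's article or the RTCSec newsletter). The sample messages, the function names, and the rule that more than one Via hop is notable on a sensor expecting direct traffic are assumptions; behind a legitimate proxy chain, multiple Via headers are normal.

```python
UA_MARKER = "polycomsoundpointip"  # user-agent substring named in the highlights

def parse_headers(raw):
    """Return [(name, value)] from a raw SIP request, unfolding folded lines."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = []
    for line in head.split("\n")[1:]:            # skip the request line
        if line[:1] in (" ", "\t") and headers:  # continuation of previous header
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return headers

def relay_scan_indicators(raw):
    """List which of the two indicators a request matches."""
    headers = parse_headers(raw)
    # Via may repeat, use the compact name "v", or carry comma-separated hops.
    via_hops = sum(len([h for h in value.split(",") if h.strip()])
                   for name, value in headers if name in ("via", "v"))
    user_agent = " ".join(v for n, v in headers if n == "user-agent").lower()
    hits = []
    if via_hops > 1:   # assumption: the sensor expects direct, single-hop traffic
        hits.append("multiple-via")
    if UA_MARKER in user_agent:
        hits.append("polycom-ua")
    return hits

# Constructed sample requests (documentation addresses, made-up branch values).
RELAYED = (
    "OPTIONS sip:100@203.0.113.10 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 198.51.100.7:5060;branch=z9hG4bK-a1\r\n"
    "Via: SIP/2.0/UDP 192.0.2.44:5060;branch=z9hG4bK-b2\r\n"
    "User-Agent: PolycomSoundPointIP-SPIP_550-UA/0.0.0\r\n"
    "Content-Length: 0\r\n\r\n")
COMPACT = (
    "INVITE sip:900@203.0.113.10 SIP/2.0\r\n"
    "v: SIP/2.0/UDP 198.51.100.7;branch=z9hG4bK-c3,\r\n"
    " SIP/2.0/UDP 192.0.2.44;branch=z9hG4bK-d4\r\n"
    "Content-Length: 0\r\n\r\n")
DIRECT = (
    "REGISTER sip:203.0.113.10 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.90:5060;branch=z9hG4bK-e5\r\n"
    "User-Agent: ExamplePhone/1.0\r\n"
    "Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for label, msg in (("relayed", RELAYED), ("compact", COMPACT), ("direct", DIRECT)):
        print(label, relay_scan_indicators(msg))
```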
Why (and How) Phone Numbers Will Outlast Phone Calls
This is an excellent article from Cullen Jennings. The discussion around the topic is also great, shown in the embed below, and linked here.
I agree with Cullen’s principle, “I think the government should move to allowing people and businesses to control their own numbers entirely.”
However, this is a country by country battle, where the regulator and telcos work closely together through lobbyists, turnstile executives between the two, or familial connections.
The telco ecosystem will expect compensation, they ‘manage and protect’ these numbers, will the end consumer end up paying for this control? And will additional controls be put in place by telcos to limit fraud and abuse from bad-actors, for example phone number scalpers?
Cullen counters with “The only things that give me hope is that the internet sort of removed a significant fraction of telco revenue from long distance, then 1-800, then audio conferencing, then voicemail, then SMS and so on as you know better than I. At the same time the internet generated a huge new set of revenue in the form of data plans and video.”
This will be a discussion topic at TADSummit, draft agenda is here. We have excellent presentations from Guillaume Bourcy and Ameed Jamous around this topic.
- How TelecomsXChange is Transforming the CSP’s Wholesale Business. Ameed Jamous, Founder and CEO TelecomsXChange (TCXC).
- 2FA is (almost) dead, what’s next? Guillaume Bourcy, Founder Oofty.
We recently added 2 excellent presentations from Abhinav Anand, Chief Product Officer at Smartnumbers; and Pierre-Baptiste Béchu, Co-founder & VP of Communications Platform at Aircall. TADSummit is focused on programmable communications for over 10 years, with a no BS policy.
- Smartnumbers perspective: Tackling Contact Centre fraud, Abhinav Anand, Chief Product Officer at Smartnumbers.
- Build vs Buy, a never-ending dilemma in Cloud Communications? Pierre-Baptiste Béchu, Co-founder & VP of Communications Platform at Aircall
AWS exec downplays existential threat of AI, calls it a ‘mathematical parlor trick’
I’ve explained it many times, by AI they mean weak AI software that uses a transformer model to present content in response to input content. The silliness on regulation is simply rich people trying to protect their investments by hobbling the rise of open source AI.
The quote from Matt Wood of AWS is great, “What we’ve got here is a mathematical parlor trick, which is capable of presenting, generating and synthesizing information in ways which will help humans make better decisions and to be able to operate more efficiently.”
Matthew Hodgson is interviewed by Ian King on Sky News about the Online Safety Bill
The chorus against the UK’s Online Safety Bill keeps growing with the addition of Apple.
SentryPeer is Released
SentryPeer is designed to help detect compromised VoIP accounts. These credentials could have been gathered from desk phones, softphones, PBXs and WebRTC services for example. It works by your system always sending us an API call for each phone call (or IP address) you want to check. We then send you back a response with the results of our analysis. You can use this information to block the phone call, or take other action.
After 8 months of Gavin’s evenings and weekends researching, architecting and coding SentryPeer is released.
About SentryPeerHQ: https://sentrypeer.com/about
Fully Open Source: https://github.com/SentryPeer/SentryPeerHQ
Always free: https://sentrypeer.com/pricing (for those that contribute data by running an official SentryPeer node or their own honeypot)
People, Gossip, and Frivolous Stuff
Jacy Smith is now Senior Implementation Project Manager at Delivery Solutions.
Robert Hubbell is now Regional Sales Director at UVeye.
Frazer Barnett is taking the summer off. His last day with Simwood will be July 27th.
Martin Tufft, former Director of IoT for BT, has joined Stacuity.
Don’t miss UIB Chief Growth Officer Ken Herron and PAiC Business Development Chief Executive Officer and Co-Founder Celeo Arias. October 19-20, 2023. In #Paris! The 1980s gave us Madonna, breakdancing, and #USSD. With over a billion daily active users, USSD, is fast, simple, secure, compatible (with any mobile phone), and cheap!