The purpose of this CXTech Week 19 2024 newsletter is to highlight, with commentary, some of the news stories in CXTech this week. What is CXTech? The C stands for Connectivity, Communications, Collaboration, Conversation, Customer; X for Experience because that’s what matters; and Tech because the focus is enablers.
You can sign up here to receive the CXTech News and Analysis by email or by my Substack. Please forward this on if you think someone should join the list. And please let me know any CXTech news I should include.
- VON Coalition Proposal to FCC on the Removal of TCR
- Podcast 59: TADSummit Innovators, Tim Panton, Pipe, There’s no such thing as 5G
- Podcast 67: Truth in Telecoms, MEF Member Wrestling
- People, Gossip, and Frivolous Stuff
VON Coalition Proposal to FCC on the Removal of TCR
On May 3, 2024, the Voice on the Net Coalition (VON), met via video conference with the Federal Communications Commission. This document summarizes what #VON proposed at that meeting. The companies behind VON are much more than those listed on their website. It includes the likes of Microsoft (hence the focus on #UCaaS, Microsoft Teams), Google, Amazon, Cisco, Vonage, and the carriers. Given that group of companies, this proposal ticks all the politically correct boxes and treads a fine line in asking for action by the FCC by asserting jurisdiction over telephone numbers, not SMS itself.
The purpose of the meeting with the FCC was to discuss VON’s core proposal that the FCC require and oversee a process whereby a neutral, third-party entity is selected to vet application-to-person (“A2P”) traffic on a technology-neutral basis, with policies applied equally to all traffic regardless of whether the traffic in question is initiated via a Unified Communications as a Service (“UCaaS”) platform or directly on a mobile network operator (“MNO”) network. Replacing The Campaign Registry.
This is because #TCR is owned by Tata Communications , a UCaaS provider and SMS aggregator that is not neutral. Global Telco Consult’s TCR (The Campaign Registry) report includes this quote from T-Mobile on their ownership concern:
“Regardless of data protection, there was a commitment to get out of the messaging space to keep TCR proposition ‘clean’.
A relationship meant to be based on trust but ‘built on a lie’.”
GTC Report Slide 23
In the VON document they also state:
“Unfortunately, VON members and the organizations they serve have experienced substantial difficulty in helping these organizations communicate via texting due to inefficiencies and imbalances in the current system for vetting text messages.” We covered this last year in the Messaging Monopolies and Telecom Triopolies posts.
The VON representatives are suggesting that the Industry Traceback Group (“ITG”) could serve as a model for a neutral registration entity, not because #VON is proposing traceback of text messages, but because the FCC played a similar role in selecting and ensuring the accountability of the industry-led ITG. See diagram below.
Click on heading to continue reading the rest of the article.
Podcast 59: TADSummit Innovators, Tim Panton, Pipe, There’s no such thing as 5G
Tim Panton is the co-founder of pi.pe, and a TADS regular. The last time we talked was about the peer-to-peer baby monitor technology pi.pe licensed to a baby monitor company. The learning from that product is customers are not that concerned about the security and privacy of their baby monitors.
Tim pointed to the success of the cloud providers in giving the illusion of security and privacy. The story is also complex as consumers need to understand how the product is inherently secure and private. Plus we’ve all become numb to yet another security breach from a large consumer brand. We’ve even become numb to the spamming and scamming of the elderly resulting in many loosing their life savings.
Back to more uplifting topics. Tim’s been working on an RTC (Real Time Communications) project with racing cars, providing low latency 2 way video communications for driver training across many circuits around the world. Some of his learnings are, drivers do not talk that much, and the big one, there is no such thing as 5G!
What Tim means by that is 4G is always required for 5G to work, unless its standalone, 5G is a bag of technologies, frequencies with variable capabilities, and he’s never come across 5G Standalone, yet. And currently 5G appears optimized for YouTube streaming, not low latency communications.
One of the reasons Tim uses 5G rather than 4G is the additional capacity gives enough headroom for video to work reliably for a car travelling at 250 kmph. Tim targets 350 ms latency, he runs his own WebRTC stack which gives him lots of control for fine tuning performance.
While driver training for race cars is a high value niche, he’s also looking at other vertical applications such as remote supervision for drones and ‘autonomous’ cars. Another interesting niche is ensuring betting events have as close as possible to in-person experience so betting is fair.
He’s not looking for funding, rather partners that can use his close to real-time communications technology to solve regulatory or business operations issues.
Tim also highlights he uses a tourist SIM for this application, the cost per MB for IoT is orders of magnitude too high. I’ve heard this from numerous IoT innovators.
Here are some of the excellent Youtube shorts from the podcast.
Tim Panton, just when you think you’re out, Telco drags you back in
There’s no such thing as 5G
Does the public know there’s no 5G?
LTE on roller skates
Podcast 67: Truth in Telecoms, MEF Member Wrestling
After the success of Podcast 65 across the summary and deep dive videos about TNID, we currently have a total of 1724 views after only a couple of days since publishing. Johnny lured Noah back for a head to head verbal wrestling match on how we can solve the spam SMS problem. Noah is a member of MEF.
Johnny’s opening statement was the MEF members are like suckerfish hanging around carriers/telcos. Until there is regulation, which will take time only the suckerfish can affect change on spam SMS. The current behavior of the mid-tier of suckerfish is squeezing ecosystem members out of the business, and pushing web brands away from A2P SMS.
For example, in Europe some companies are being excluded from gateway SMS deals. While we’ve seen in the US the trials and tribulations of CSPs (Campaign Service Providers) trying to send 10DLC and 800SMS. The ecosystem is trying to remove competition, and smothering the smaller members. While the carriers have nothing to enforce given the lack of regulation, so simply focus on growing their SMS profit center.
Johnny points his finger at Twilio for generating a significant proportion of SMS spam. Which is partially revealed by Syniverse’s recent announcement on the closure of its non-sanctioned 10DLC SMS path. He labels Twilio the 4th largest carrier in the US, though there is an arguement Google could take that crown given it broadband network and running carriers’ messaging infrastructure.
There is also the fighting amongst the mid-tier suckerfish, with Netnumber, Aegis, Proofpoint and MEF running events without TCR present. Tata Communications has TCR up for sale by Lazard Bank according to several sources. None on this is helping tackle the SMS spam problem.
Noah responded by reviewing how we got to here, how the tribal nature of messaging has created many mid-tier companies generating revenues through their association with carriers. And how AI opens up an even greater threats to consumers, which will result in attempts to squeeze even more cash out of consumers.
AI is simply a money maker for the carriers and suckerfish. Noah’s key point is the carriers need help. He describes how TNID, and a little light regulation, could resolve the current problems and protect US consumers.
I raised to Noah the issue one why carriers are not measuring the SPAM SMS problem. His response is when they can measure the problem, they’ll then have to fixed the problem. Hence the current failure to launch in adoption of TNID.
Towards the end of this podcast Johnny and Noah get feisty as they discuss the origins of the TCR, and the challenges going forward.
RTC Security Newsletter April
RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security. We cover both defensive and offensive security as they relate to Real-time Communications.
What is RTC security anyway? Real-time communications security is what determines if you can safely communicate in real time – whether it be with other humans or machines.
You may sign up to receive the RTCSec newsletter here.
Whenever someone raises the security risks of open source, I use Kamailio as an example of best practices. Being open makes the testing and reporting open.
Security Pitfalls in Kamailio Configuration Patterns
During the 5 minutes 5 slides session at Kamailio World this year, Sandro briefly alluded to having a more complete presentation with further examples of significant security findings from our past security audits of Kamailio environments. The work-in-progress document currently includes the following:
- Open relay via R-URI may lead to SIP amplification DoS abuse and more (CVSS: 9.3)
- Open relay via Route header may lead to SIP amplification DoS abuse and more (CVSS: 9.3)
- Use of the function
avp_db_queryin Kamailio configuration leads to SQL injection (CVSS: 9.8) - The function
dns_queryin Kamailio configuration might lead to DoS (CVSS: 7.5) - Kamailio configured to relay all calls to carrier without any authentication (CVSS: 7.5)
- Remote Code Execution via unauthenticated specially crafted NOTIFY message (CVSS: 10.0)
- SIP MESSAGE does not require authentication, leading to spam (CVSS: 5.3)
- Denial of Service via in-dialog INVITE messages (CVSS: 7.5)
SMS and VoIP logs from Cisco Duo compromised
Independent investigative journalist, Brian Krebs, posted about an email that he received from Cisco Duo about the compromise of SMS and VoIP logs related to multi factor authentication. Various cyber-security media outlets, including Bleeping Computer and Help Net Security covered this incident briefly.
People, Gossip, and Frivolous Stuff
Anton Ivarsson has founded ounding Connectify Networks AB.
Mohan Veloo is now CTO for Asia Pacific, China and Japan at F5. I’ve known Mohan since his time in Oracle.
You can sign up here to receive the CXTech News and Analysis by email or by my Substack.