Stories like this just reinforce my belief that AI will destroy us all. Not with a cool robot uprising like Terminator or Blade Runner, or even enslavement of humanity like the Matrix or Wall-E. We get the stupid future, where civilization ends when a Reddit shitposter creates a Trump-flavored chatbot and convinces the joint chiefs that they need to send him the nuclear codes via Signal because you can’t text on the red phone.
I guess Signal’s probably less-prone to letting attackers pose as other people than the phone system, but the phone system is abysmal.
Could probably benefit from some sort of trust system(s), like X.509 certs for organizations, or GPG keys for a distributed web of trust or something, and adoption of calling practices that aren’t vulnerable to this. Needs to be a few simple steps that people can be told to follow, not a constantly moving target that requires information security familiarity.
Or you know… bear with me on this crazy idea (obviously for government not us), Maybe we need to… make sure government communication uses government infrastructure. Of which the government can directly trace, and identify who is in etc…
Nah
The fundamental flaw with the phone system is it’s all or nothing. It’s difficult to get in, but once you’re in there’s zero controls (DNS used to and somewhat still does also suffer from this).
STIR/SHAKEN should have resolved this. Unfortunately, telecom carriers didn’t do the last step of banning any telco (mostly VoIP providers) prone to allowing scammer accounts in. They’d also have to filter US numbers calling in from other countries to validate and ensure they are real.
All of this being work, and telecoms, especially those in the US, hate doing work.
The phone system doesn’t have a way to identify people other than Caller ID, and that’s vulnerable to various forms of spoofing.
