Techly NewsGet the app

Get the latest tech news

The insecurity of telecom stacks in the wake of Salt Typhoon


Towards the end of last year, we learned that a group (allegedly affiliated with the Chinese government, referred to as “Salt Typhoon”) breached T-Mobile and other telecommunications co…

In a previous life, I worked with companies that used Asterisk and FreeSWITCH, but I’d never really looked into them beyond the surface-level familiarity congruent to “this uses a similar protocol as RedPhone, somewhere” (this was when Signal was still called TextSecure). I highly doubt they’re all paying for enterprise support, so we’re talking about potentially thousands of telecom stacks around the world that SignalWire has decided to keep vulnerable until the Summer, even after they published the patches on GitHub. While such a decision might be perfectly legal, it really does not inspire trust in the stewards of this software project to give a shit about the harm their careless coding practices inflict upon their users.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of wake

wake

Photo of Insecurity

Insecurity

Photo of salt typhoon

salt typhoon

Related news:

News photo

It's not just Salt Typhoon: All China-backed attack groups are showcasing specialized offensive skills

News photo

MITRE Caldera security suite scores perfect 10 for insecurity

News photo

China's 'Salt Typhoon' Hackers Continue to Breach Telecoms Despite US Sanctions

« Man with artificial heart survives over 100 days outside hospital
Gemma 3 Technical Report [pdf] »