How can we continue to reduce fraud while still serving folks who are using the system legitimately?
weird. i use a voip phone service, but twilio identifies it as a landline. maybe you're not using a fixed location voip service?
It's basically rejected from every messenger, I can't use it with paypal or banking, etc.
Those are UK mobile numbers, with SIP for voice and webhooks for texts, and all lookup tools I've found recognise their numbers as "Three" (a mobile carrier in the UK) mobile numbers.
I am not actually sure how those guys interconnect to Three, it could even be literally a bunch of GSM modems with real SIMs in it. My long-term plan is to get rid of the middleman and become a carrier myself (get a number range allocated by OFCOM, UK's telco regulator) and offer both SIMs and API-driven numbers (with no way of distinguishing which is which from the outside).
Just out of curiosity, what do you use MMS for?
Do you have any partners in the US?
Pretty much all telephony is VoIP for at least parts of the call chain, though there are still even analog circuits in place; here are some numbers that lead to analog switching gear: http://www.binrev.com/forums/index.php?/topic/48166-ukrainia...
The biggest roadblock there is that the scammy telco industry's entire business model is based on charging through the ass for what is essentially a 8kbps voice channel. Doing calls via IP would cut that revenue stream and would put a lot of irrelevant people out of a job so it'll be very hard to succeed, though I fully support the idea - it's complete heresy that I can download a 1GB file across the Atlantic for pretty much free but a 12 hour call that would total maybe 40MB would cost a ton.
Do we need them to survive? They can and should go the way of the dodo and leave place for ISPs instead.
> and when I talk to people on wifi it's never as good as a phone call
That's a side-effect of crap Wi-Fi gear, but can be resolved by placing the call over LTE and using stuff like MPTCP to combine both the Wi-Fi and LTE connection. In fact, VoLTE is essentially SIP (which is IP-based) over LTE, so there's a good chance you're already using an IP system and not realising it, which I guess proves the point that it's good enough if not better than legacy circuit-switched calls.
https://en.wikipedia.org/wiki/PhONEday / https://en.wikipedia.org/wiki/Big_Number_Change
I had this phone number for over 4 years.
So, instead of fixing those systems, I guess the idea is to adapt phone numbers to the faulty assumptions made about them.
The only bad scenario was if they somehow got hold of real mobile numbers that real people were actually using before but that were lapsed and got recycled, without those people removing the numbers from, say, their Gmail accounts.
Many people have access to your SMSs. One bad actor at your phone provider, the sms gateway, spoofing your sim, a bad app, or someone casually observing your lock screen are a couple I can think off have, but I'm sure the security experts know many more ways than I do.
> Hey I'm one of your roaming partners and this phone here is roaming on my network, can you send me their calls & texts?
> Sure mate, here they are, enjoy!
Can you elaborate? SS7 is signaling. You can't request a Telecom provider to just start send you all someones calls and texts via SS7.
The SMSC routes an SMS to the IMEI of the phone.
I was simplifying, but how roaming works is that on every call a mobile number from the visited network is assigned to the SIM, and the host network is instructed to send the call there; in the case of an attacker I expect them to be able to use this mechanism to send calls anywhere they want.
They could also most likely fake USSD which is I believe used behind the "Call forwarding" toggle in your phone's settings.
There are plenty of SS7-related demos & presentations posted here on HN, I suggest you use the search and find them, the people making those have much more experience than me in the field and you're better off with then rather than my half-assed explanations, but the point is, call and text interception is possible, among other nasty things (silently tracking a phone' approximate location, DoS, etc).
IIRC, the paging channel is a broadcast channel that was originally used to send short message to a handset to advise them of an incoming call and to request a private channel to receive it. It had lots of excess capacity so someone had the idea of pushing short text messages over it.
Do they sell a similar service with a private box?
Of course, if they simply provision a list of phone numbers and then give them up and get new ones, the new holders of the numbers won't be happy....
Doesn't work for anything notable with a sole exception of Steam, which will probably blacklist it in an hour.
By the way, looks like you can see the sender's phone number for incoming SMSs by choosing "JSON" as the format.
But I can't find the list they are talking about
Does this get delivered as an SMS to said number? How's the deletion happening on the phone? Do they delete the sms from the phone's SQL lite db that holds sms-es?