Embedded SIMs, Blocking URLs in SMS, and FBI Comms Surveillance: Episode 9 of The Commsrisk Show

The success of The Communications Risk Show has taken our entire team by surprise. Before the season began, our hope was that one of the episodes might attract a thousand-strong audience for the first time since we began experimenting with live online interviews in 2019. Every episode in this season so far has attracted well over 1,000 viewers, all but one has surpassed 2,000 viewers, and the most popular has just topped 3,000 viewers. We like to think this is because we are talking about important new topics that have not received sufficient coverage elsewhere. That was certainly the case with yesterday’s show, with John Davies of BluGem (pictured above, right) providing expert analysis of how to mitigate risks surrounding embedded SIMs (eSIMs), the new chips that are being used to store authentication information on networked devices. Whilst eSIMs have some advantages over traditional SIMs in terms of security and revenue-generating potential, there are also signs that some security weaknesses remain unaddressed and that comms providers are placing limits on how they can be used commercially.

The quality of debate in some professional circles may be stagnant because problems and solutions are only discussed when somebody has a solution they want to sell. That certainly seems to be a problem with smishing, a form of deception where misleading SMS messages encourage victims to click on a link to a phishing website. Smishing is a massive global headache and a range of expensive filtering solutions keep being proposed, though there is one very cheap and simple way to eradicate all smishing messages: do not allow anyone to send an SMS with a hyperlink in it. That is the approach recently adopted in Malaysia. It deserves a fair hearing although Malaysia’s decision received instant criticism from various quarters of the communications industry. That is why we chose to discuss both the pros and the cons of taking such radical action.
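To make the blanket rule concrete, the filter below (an illustration written for this page, not code from the show, from BluGem, or from Malaysia's regulator) flags any message carrying an explicit URL, a www. host, or a bare hostname of the kind seen in tv.commsrisk.com, and runs it over a few constructed messages. It shows both the lure it stops and the legitimate delivery notification it would also block, which is the trade-off the show debated; the sample texts and .example domains are invented.

```python
import re
from typing import Dict, List

# Three shapes of "hyperlink". A rule that only matched "http://" would let a bare
# hostname through, so the bare form is included even though it is the fuzziest.
SCHEME_RE = re.compile(r"\b[a-z][a-z0-9+.-]*://\S+", re.IGNORECASE)
WWW_RE = re.compile(r"\bwww\.[a-z0-9-]+(\.[a-z0-9-]+)+", re.IGNORECASE)
# Dotted labels ending in an alphabetic TLD of two or more letters, optional path.
# "1.50" is not matched because "50" is not alphabetic.
BARE_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.IGNORECASE)


def find_links(text: str) -> List[str]:
    """Return each link-like substring of `text` once, in order of first match."""
    found: List[str] = []
    for pattern in (SCHEME_RE, WWW_RE, BARE_RE):
        for m in pattern.finditer(text):
            hit = m.group(0)
            # Skip a hit that is contained in, or contains, one already recorded.
            if not any(hit in f or f in hit for f in found):
                found.append(hit)
    return found


def should_block(text: str) -> bool:
    """The blanket rule: reject any SMS that contains a hyperlink of any form."""
    return bool(find_links(text))


# Constructed sample traffic (assumed, not real messages).
SAMPLES: Dict[str, str] = {
    "otp": "Your one-time code is 482913. Do not share it with anyone.",
    "smish": "Your parcel is held. Pay the customs fee at http://parcel-fee.example/pay",
    "bare": "Account locked. Verify now: secure-login.example.net/verify",
    "legit": "Your order has shipped. Track it at www.courier.example/track/123",
    "money": "Balance enquiry: send 1.50 to top up.",  # decimal, must not be flagged
}


def triage(samples: Dict[str, str]) -> Dict[str, bool]:
    """Apply the rule to every sample; True means the message would be dropped."""
    return {name: should_block(text) for name, text in samples.items()}


if __name__ == "__main__":
    for name, blocked in triage(SAMPLES).items():
        print(f"{name:6s} blocked={blocked} links={find_links(SAMPLES[name])}")
```

The "legit" courier message is dropped alongside the lures, which is the cost of the rule; a filter that allowed some links back in would need a separate allow-list policy.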

It is always important to have voices that challenge authority, and this has become especially apparent following repeated allegations of law enforcement agencies misusing the power to gather data from communications providers. It should be good news that there has been a 95 percent fall in how often the Federal Bureau of Investigation (FBI), the national police force for the USA, engages in warrantless gathering of comms data. But the recently released statistics also raise a serious question about why the FBI felt it was necessary to gather so much comms data before. We debated how much the reduction was due to political pressure, and whether the monitoring peaked in 2021 because COVID-19 was treated as an additional reason to surveil a wider cross-section of the American public.

Next Wednesday’s show will feature world-famous telecoms hacker Karsten Nohl talking about the security vulnerabilities when comms providers run their operations in the cloud. Be sure to tune in to the livestream on tv.commsrisk.com at 4pm UK time if you want to ask a question. If you miss the live broadcast then the recording will always be available soon after. You can replay the recording of yesterday’s show below.

Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.