20.5k unique visitors in the last 3 days

Embedded SIMs, Blocking URLs in SMS, and FBI Comms Surveillance: Episode 9 of The Commsrisk Show

We spoke with testing expert John Davies of BluGem about mitigating the commercial and security risks surrounding eSIMs.

The success of The Communications Risk Show has taken our entire team by surprise. Before the season began, our hope was that one of the episodes might attract a thousand-strong audience for the first time since we began experimenting with live online interviews in 2019. Every episode in this season so far has attracted well over 1,000 viewers, all but one has surpassed 2,000 viewers, and the most popular has just topped 3,000 viewers. We like to think this is because we are talking about important new topics that have not received sufficient coverage elsewhere. That was certainly the case with yesterday’s show, with John Davies of BluGem (pictured above, right) providing expert analysis of how to mitigate risks surrounding embedded SIMs (eSIMs), the new chips that are being used to store authentication information on networked devices. Whilst eSIMS have some advantages over traditional SIMs in terms of security and revenue-generating potential, there are also some signs of security weaknesses remaining unaddressed and comms providers placing limits on how they are used commercially.

The quality of debate in some professional circles may be stagnant because problems and solutions are only discussed when somebody has a solution they want to sell. That certainly seems to be a problem with smishing, a form of deception where misleading SMS messages encourage victims to click on a link to a phishing website. Smishing is a massive global headache and a range of expensive filtering solutions keep being proposed, though there is one very cheap and simple way to eradicate all smishing messages: do not allow anyone to send an SMS with a hyperlink in it. That is the approach recently adopted in Malaysia. It deserves a fair hearing although Malaysia’s decision received instant criticism from various quarters of the communications industry. That is why we chose to discuss both the pros and the cons of taking such radical action.

It is always important to have voices that challenge authority and this has become especially apparent following repeated allegations of law enforcement agencies misusing the power to gather data from communications providers. It should be good news that there has been a 95 percent fall in how often the Federal Bureau of Investigation (FBI), the national police force for the USA, engages in warrantless gathering of comms data. But the recently released statistics also beg a serious question about why the FBI felt it was necessary to gather so much comms data before. We debated how much the reduction was due to political pressure, and if the monitoring peaked in 2021 because COVID-19 was treated as an additional reason to surveil a wider cross-section of the American public.

Next Wednesday’s show will feature world-famous telecoms hacker Karsten Nohl talking about the security vulnerabilities when comms providers run their operations in the cloud. Be sure to tune in to the livestream on tv.commsrisk.com at 4pm UK time if you want to ask a question. If you miss the live broadcast then the recording will always be available soon after. You can replay the recording of yesterday’s show below.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email