
Privacy

Zoom Sued Over Claims of Security Failures


Illustration of video conference by Mohamed Mahmoud Hassan used with permission

June 4, 2020 — Victor M. Rios, associate dean at the University of California Santa Barbara, has filed a class action against Zoom Video Communications, Inc. Rios is accusing the company of allowing a known offender who had been reported multiple times to authorities to Zoombomb a 400-person video conference on April 30.

Rios and other webinar attendees had their computer screens hijacked and their control buttons disabled while they were forced to watch pornographic videos portraying an adult engaging in a sexual act on an infant. Their Zoom call was bombed twice within a matter of minutes.

Traumatized, the participants could not go on with their webinar.

Rios is seeking equitable relief against Zoom for damages, in the form of attorney fees and the implementation of new security policies on the platform.

According to Rios, Zoom profits from a lack of transparency and failure to provide security.

Zoom claimed to provide end-to-end encryption for all meetings, which is widely understood as the most private form of internet communication. However, in March, a Zoom spokesperson admitted that “currently, it is not possible to enable end-to-end encryption for zoom video meetings” due to the design and operation of Zoom’s platform.

Further, Zoom collects user information for the stated purpose of “[understanding] users’ movement around the marketing site.” But Zoom reported sharing user information with Google, and Rios claimed that the company is also selling unauthorized information to Facebook.

Securing Zoom’s videoconferences is especially urgent, as the demand created by the COVID-19 pandemic has caused the number of meeting participants across Zoom to jump from 10 million in December 2019 to 200 million in March 2020, bringing increased opportunities for parties with malicious intent to interfere.

This civil complaint will be the sixth one filed based on this conflict. There have been multiple reports of conferences being disrupted by pornography and threatening language since platform usage exploded.

Armed with Section 230, Zoom is likely to argue that they are not responsible for the actions of a third party.

Contributing Reporter Jericho Casper graduated from the University of Virginia studying media policy. She grew up in Newport News in an area heavily impacted by the digital divide and has a passion for universal access and a vendetta against anyone who stands in the way of her getting better broadband.

Robocall

Experts Discuss Enforcement Against Imposter Fraud, Other Consumer Protection Issues

Imposter fraud is a particularly predatory offshoot of robocalling, often involving extremely sophisticated scams.


Image by Ityuan used under license from Adobe Stock

WASHINGTON, December 6, 2022 — Consumer protection efforts from telecommunications companies and federal agencies need to tackle imposter fraud in addition to robocalling, said experts at a Federal Communications Bar Association event Monday.

Imposter fraud is a particularly predatory offshoot of robocalling, involving real individuals instead of or in addition to automated messages. These scams can be very sophisticated and tailored toward individual consumers, panelists said.

By pretending to be associated with the IRS or government aid programs, imposter fraud primarily targets vulnerable communities, including non-native English speakers, low-income individuals and the elderly.

State and federal enforcement agencies should take more aggressive action to stop these bad actors, panelists said.

Another important step toward consumer protection is updating education efforts to reflect the increasing sophistication and complexity of scams. Many consumers rely on security advice that is now outdated, said Harold Feld, senior vice president at Public Knowledge.

“The idea of, ‘Don’t click the link, you should call someone’—well, now they fake numbers,” he said. “So if you call rather than click the link, you’re still talking to a criminal.”

While many consumers know to not give out their bank information or social security number, newer scams frequently ask for information that may seem less important, such as utility account numbers. Scammers can then use that information to perpetrate various forms of identity theft.

With scamming tactics changing every few months, telecommunications companies should provide continued consumer education beyond their initial onboarding, said Stuart Drobny, president of Stumar Investigations.

Panelists discussed a variety of actions being taken to combat robocalls, generally describing them as positive steps but not full solutions.

Although STIR/SHAKEN implementation – the Federal Communications Commission’s framework to combat illegal robocalls – has made progress, bad actors have found a workaround by purchasing thousands of legitimate phone numbers, said Diana Eisner, vice president of policy and advocacy at USTelecom.

The FCC’s actions against voice over internet protocol providers are “very promising and so far have been proven to be very effective,” said Len Briley, senior legal counsel for DIRECTV.

Other consumer protection issues involve the ACP and provider disclosures

Panelists also discussed the benefits and weaknesses of the FCC’s Affordable Connectivity Program, which subsidizes internet services for low-income households.

The ACP has been life-changing for many of the program’s participants, Feld said, citing a digital equity report released by Cox on Friday. About half of the survey participants reported that they had been unable to afford home internet prior to the ACP. Nearly all participants reported significant benefits from home internet, particularly for participating in remote learning, accessing educational resources and completing schoolwork from home.

Despite the program’s value, it has also been the subject of multiple fraud controversies. Some of these problems have emerged when consumers are not fully informed about the requirements, Feld said.

“You have lifeline recipients who get a contact from their phone lifeline provider and they say, ‘Hey, we’d like to upgrade you to a new contract,’ and they don’t tell them that it’s an ACP program… and then when [consumers] try to apply their ACP benefit, which is a one per household for a wireline connection, they discover that they can’t because they have used their ACP benefit for wireless.”

In October, Rep. Frank Pallone, Jr., D-N.J., raised concerns about several internet service providers engaging in potential “abusive, misleading, fraudulent, or otherwise predatory behaviors” related to the ACP.

Another FCC consumer protection initiative is the new broadband “nutrition label” requirement, mandating that internet providers display standardized performance metrics, monthly rates and other relevant information at points of sale.

Eisner praised the initiative, saying that the FCC had reached a good balance of ensuring that the labels would present important information without becoming unwieldy or overly complicated.

Although consumer groups called for a requirement that these labels be included on monthly internet bills, this requirement did not make it into the final order. In failing to include it, the FCC “missed something that would be a very significant benefit to consumers,” Feld said.


Expert Opinion

Dmitry Sumin: What to Do About Flash Calls, the New SMS Replacement

Why are flash calls on the rise and how do operators handle them to maximize revenue?


The author of this Expert Opinion is Dmitry Sumin, AB Handshake Corporation Head of Products

Chances are you’ve received several flash calls this week when registering for a new app or verifying a transaction. Flash calls are almost instantly dropped calls that deliver one-time passcodes to users, verifying their phone numbers and actions. Many prominent apps and companies, such as Viber, Telegram, WhatsApp, and TikTok, use flash calls as a cheaper, faster, and more user-friendly alternative to application-to-person SMS.

With the flash call volume expected to increase 25-fold from 2022 to 2026, from five to 130 billion, it’s no wonder they’re a hot topic in the telecom industry.

But what’s the problem, you may ask?

The problem is that there is currently no way for operators to bill zero-duration calls. This means operators don’t make any termination revenue from flash calls, which overload networks. What’s more, operators lose SMS termination revenues as businesses switch to flash calls. SMS business messaging accounted for up to five percent of total operator-billed revenue in 2021, so you can see the scale of potential revenue losses for operators.

In this article, I’ll discuss why flash calls are on the rise, why it’s difficult to detect and monetize them, and what operators can do about this.

Why are flash calls overtaking SMS passcodes?

Previously, application-to-person SMS was a popular way to deliver one-time passwords. But enterprises and communication service providers are increasingly switching to flash calls because they have several disruptive advantages over SMS.

First and foremost, flash calls are considerably cheaper than SMS, sometimes costing up to eight times less. Cost of delivery is, of course, a prime concern for apps and enterprises.

Second, flash calls ensure smooth user interaction, which boosts user satisfaction and retention. On Android devices, mobile apps automatically extract flash call passcodes. This makes the two-factor authentication process fast and frictionless. In comparison, SMS passcodes require users to read the SMS and sometimes insert the code manually.

Third, on average flash calls reach users within 15 seconds, while SMS sometimes take 20 seconds or longer. The delivery speed of flash calls also improves the user experience.

The problem: Flash calls erode operators’ SMS revenues

While offering notable advantages for apps, flash call service providers, and end users, flash calls create numerous challenges for operators and transit carriers.

As we discussed before, flash calls erode operators’ SMS revenues because much of the new flash call traffic will be shifted away from current SMS business messaging. The issue is only going to become more pressing as the volume of flash calls grows.

So from the operator’s standpoint, flash calls reduce revenue, disrupt relations with interconnect partners, and overload networks. However, there is still no industry consensus on how to handle flash calls: block them like spam and fraudulent traffic or find a monetization model for this verification channel, like for application-to-person SMS.

Accurate detection of flash calls is a challenge

The first crucial step that gives operators the upper hand is accurately detecting flash calls.

This is difficult because operators have no way of discerning legitimate verification flash calls from fraud schemes that rely on drop calls, such as wangiri. The wangiri fraud scheme uses instantly dropped calls to trick users into calling back premium rate numbers. In addition, flash calls need to be distinguished from genuine missed calls placed by customers.

The problem is that even advanced AI-powered fraud management systems struggle to accurately differentiate between various zero-duration calls. The task requires AI engines to be trained on large volumes of relevant traffic coupled with analysis of hundreds of specific call parameters.

Dedicated anti-fraud solutions are the answer

There are only a few solutions on the market that are capable of accurately distinguishing flash calls from other zero-duration calls. Dedicated fraud management vendors have made progress on this difficult task.

The highest accuracy of flash call detection now available on the market is 99.92 percent. Such tools allow operators to precisely determine the ranges from which flash calls are sent. As a result, operators can make an informed decision on how to treat flash calls to maximize revenue and can proactively negotiate with flash call providers.

Flash call detection creates new opportunities

Our team estimates that flash calls make up to four percent of Tier one operators’ international voice traffic. Without accurate detection and a billing strategy, this portion of traffic overloads operators’ networks and offers no revenue. However, with proper detection flash calls offer a new business opportunity.

Now is a crucial time for operators to start implementing flash call detection into their system and capitalize on the trend.

There are a few anti-fraud solutions on the market that give operators all the necessary information to negotiate a billing agreement with a flash call provider. Once an agreement has been reached, all flash calls coming from this provider will be monetized, much like SMS.

All flash calls not covered by agreements can be blocked automatically. This will help to restore SMS revenues. Once a flash call has been blocked, subscribers will most likely receive an SMS passcode sent as a fallback.

Moreover, modern solutions don’t affect any legitimate traffic because they only block selected ranges. This also helps to prevent revenue loss.

Essentially, the choice of how to handle flash calls comes down to each operator. However, without a powerful anti-fraud solution capable of accurately detecting flash calls in real time, it’s nearly impossible to monetize flash calls effectively and develop a billing strategy.

Dmitry Sumin is the Head of Products at the AB Handshake Corporation. He has more than 15 years of experience in international roaming, interconnect and fraud management. Since graduating from Moscow State University, he has worked for both vendors and network operators in the MVNO and telecommunications market. This piece is exclusive to Broadband Breakfast.

Broadband Breakfast accepts commentary from informed observers of the broadband scene. Please send pieces to commentary@breakfast.media. The views reflected in Expert Opinion pieces do not necessarily reflect the views of Broadband Breakfast and Breakfast Media LLC.


Cybersecurity

FCC Halts Authorization of Equipment That Threatens National Security

The FCC’s order prevents future authorizations of equipment on the commission’s “Covered List” of national security threats.


Photo of FCC Commissioner Brendan Carr

WASHINGTON, November 28, 2022 – The Federal Communications Commission published Friday a modification of certification rules that will bar from United States markets technologies that are considered threats to national security.

The commission’s action seeks to prevent Chinese tech companies deemed to be national security threats – such as Huawei and ZTE – from gathering data on and surveilling American citizens. The Chinese Communist government can force, under law, private companies to hand over data from their products, thus putting Americans at risk, experts and government officials have said.

Friday’s action bars the commission from issuing further authorizations for covered technologies, without which those technologies may not be imported to or marketed in the United States. The action also closes loopholes that would allow certain products to skirt the authorization process.

“That does not make any sense,” said FCC Chairwoman Jessica Rosenworcel in a statement. “After all, there is little benefit in having these lists and these bans in place just to leave open other opportunities for this equipment to be present in our networks. So today we are taking action to align our equipment authorization procedures with the rest of our national security policies.”

The FCC already publishes a list of entities and products, on the advice of Public Safety and Homeland Security, that pose national security risks. The commission has long shown skepticism toward such risky technologies, notably disallowing the use of universal service funds to buy certain products in 2019.

The rule covers many types of equipment, including base stations, phones, cameras, and Wi-Fi routers.

With this decision, the FCC has fulfilled a congressional mandate to enact a moratorium on equipment on the covered list within 12 months. The statute followed a notice of proposed rulemaking it issued last year.

Congress in 2017 forbade the Department of Defense from using telecommunications equipment or services from Huawei or ZTE. Building on that effort, Congress the next year expanded prohibitions on federal use of technology from those companies and three others. In 2019, in response to concerns over the integrity of communications networks and supply chains, the White House declared a national emergency.

In March 2020, then-President Donald Trump signed into law the Secure Networks Act, requiring the FCC to prohibit the use of moneys it administers for the acquisition of designated communications equipment. The act promoted the removal of existing compromised equipment through a reimbursement program – called Rip and Replace – and further directed the commission to create and maintain the covered list.

FCC Commissioner Brendan Carr, outspoken on national security issues, celebrated Friday’s decision, but called for further action.

“We must also vigilantly monitor compliance with the rules we’ve established today, including by ensuring that entities do not make an end run around our decision by ‘white labeling’ covered gear – a process that involves putting a benign or front group’s name on equipment that would otherwise be subject to our prohibitions,” Carr said in a statement.

Rosenworcel said in her statement that the order covers “re-branded or ‘white label’ equipment that is developed for the marketplace. In other words, this approach is comprehensive.”

Carr also once again called for federal action against TikTok, the Chinese-built social media app. The video-sharing app gathers extensive data on users, and despite protestations to the contrary, the platform routinely feeds Americans’ information to the Chinese government, reports say.

“Secure networks mean little if insecure applications are allowed to run, sweep up much of the same sensitive data, and send it back to Beijing,” Carr said.
