this post was submitted on 10 Jun 2026
323 points (99.1% liked)

Technology

85315 readers
5323 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 3 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
323
FCC Wants to Kill Burner Phones By Forcing Telecoms to Get All Customers’ IDs (www.404media.co)
submitted 1 day ago by sanitation@lemmy.today to c/technology@lemmy.world
34 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] orclev@lemmy.world 29 points 1 day ago (3 children)

Spam was never done with "burner phones" in the first place, it's mostly done via VoIP through shady telecoms companies that can't be bothered to validate their customers. Due to the age of the phone system it's incredibly easy to spoof phone numbers because it's essentially a trust system. Phone exchange A talks to exchange B and says phone number 123 is calling number 456. How does exchange B know that it's actually 123 calling? They don't at all, they just trust that exchange A is telling the truth. It's really hard to get into the system, but once you're there you essentially have unlimited power with virtually no safeguards in place.

Basically from a security perspective the phone system looks a lot like the 1980s internet, there is technically some security in place, but significantly less than there actually should be.

[–] JordanZ@lemmy.world 1 points 17 minutes ago

In the US at least they’ve been implementing STIR/SHAKEN since about 2020. You can typically see the result of this on your cell phone. Incoming calls should have a little checkmark next to them meaning they’re a verified caller. It’s similar to SSL certs for domain names but for callers instead. (Shady crap for the root CAs but that’s a different issue…cause America).

This isn’t a perfect system as parts of the world that call into the US don’t have VoIP equipment but the FCC has other guidelines on top of STIR/SHAKEN. They are actively trying to mitigate spam but it takes awhile to revamp something as old as the worlds phone system.

[–] ferrule@sh.itjust.works 5 points 15 hours ago

It really isn't difficult to get into telcom systems as there are many countries with almost no requirements to sign up as a telco.

[–] Mikina@programming.dev 4 points 23 hours ago

One of the things that surprised me the most when I started working on vishings for a Cybersecurity Red Team was how extremely easy it is to spoof any phone number.

It's the nunber one tip I give to anyone who asks about security, a lot of people don't know that, and spear-vishings are extremely effective.

People have learned to mostly not trust Microsoft Support numbers asking for your CC, but when an internal company number that your phone matches to your bosses boss calls you, a lot of people fall for that.