Days ago, senator Warner reported on the major intrusion on American phone networks. In recent months, the group Salt Typhoon was found to have compromised various systems, including those involved with major political figures.
According to this recent Post article, the Chinese-affiliated group had infiltrated multiple telecom companies, extracting information such unencrypted text messages and information related to court orders.
The phone system state apparently is fairly fragmented and archaic across the USA, where to fully patch and protect the network, updated equipment would be required for “literally thousands and thousands and thousands of pieces of equipment across the country” according to senator Warren. This highlights the state of technical debt and lack of updates which should be checked on on a regular basis! Just like your computer and phone should have security updates when available, it is much more important for publicly connected servers and networks to update with security updates – and perhaps set with updates installing as needed with Debian’s Unattended-upgrades.
Bleeepingcomputer last month noted other similar organizations had been targeting US and India internet service companies, using known vulnerabilities to Microsoft servers.
Take this as a reminder to allow the security updates… and perhaps use a more secure call and texting app than the standard phone call system and SMS?