Matelefoni aku America adzalimbana ndi spam yamafoni

Ku United States, ukadaulo wotsimikizira olembetsa—protocol ya SHAKEN/STIR—ikupita patsogolo. Tiyeni tikambirane mfundo za kagwiritsidwe ntchito kake komanso zovuta zomwe zingachitike pakukhazikitsa.

/flickr/ Mark Fischer / CC BY-SA

Vuto ndi mafoni

Ma robocall osafunsidwa ndi omwe amayambitsa madandaulo ogula ku Federal Trade Commission. Mu 2016 bungwe adajambula mamiliyoni asanu, patatha chaka chiŵerengerochi chinaposa mamiliyoni asanu ndi aŵiri.

Kuyimba sipamu kotereku kumachotsa zambiri kuposa nthawi ya anthu. Ntchito zoimbira pawokha zimagwiritsidwa ntchito kulanda ndalama. Malinga ndi YouMail, mu Seputembala chaka chatha, 40% ya ma robocall mabiliyoni anayi zidapangidwa ndi scammers. M'chilimwe cha 2018, New Yorkers adataya pafupifupi madola XNUMX miliyoni potumiza zigawenga zomwe zidawayimbira m'malo mwa akuluakulu aboma ndikuwalanda ndalama.

Vutoli linabweretsedwa ku US Federal Communications Commission (FCC). Oimira bungwe adapanga mawu, zomwe zinkafuna kuti makampani oyankhulana agwiritse ntchito njira yothetsera vuto la spam pa telefoni. Yankho ili linali SHAKEN/STIR protocol. Mu March adayesedwa pamodzi kuwononga AT&T ndi Comcast.

Momwe protocol ya SHAKEN/STIR imagwirira ntchito

Ogwiritsa ntchito pa telecom adzagwira ntchito ndi ziphaso za digito (zomangidwa pamaziko achinsinsi chachinsinsi cha anthu), zomwe zidzawalola kutsimikizira oyimba.

Njira yotsimikizira izi zichitika motere. Choyamba, woyendetsa munthu amene akuyimba foni amalandira pempho SIP INVITE kuti mutsegule. Utumiki wotsimikizira woperekayo umayang'ana zambiri za kuyimba - malo, bungwe, deta ya chipangizo cha woyimbayo. Malingana ndi zotsatira za chitsimikiziro, kuyitana kumaperekedwa limodzi mwa magawo atatu: A - zonse zokhudza woyimbayo zimadziwika, B - bungwe ndi malo omwe amadziwika, ndi C - malo okhawo omwe amalembetsa amadziwika.

Zitatha izi, wogwiritsa ntchitoyo amawonjezera uthenga wokhala ndi sitampu ya nthawi, gulu loyimba foni ndi ulalo wa satifiketi yamagetsi kumutu wa pempho la INVITE. Nachi chitsanzo cha uthenga wotero kuchokera ku GitHub repository imodzi mwama telecoms aku America:

{
	"alg": "ES256",
        "ppt": "shaken",
        "typ": "passport",
        "x5u": "https://cert-auth.poc.sys.net/example.cer"
}

{
        "attest": "A",
        "dest": {
          "tn": [
            "1215345567"
          ]
        },
        "iat": 1504282247,
        "orig": {
          "tn": "12154567894"
        },
        "origid": "1db966a6-8f30-11e7-bc77-fa163e70349d"
}

Kenako, pempho likupita kwa otchedwa olembetsa a athandizi. Wogwiritsa wachiwiri amachotsa uthengawo pogwiritsa ntchito kiyi ya anthu onse, kufananiza zomwe zili mkati ndi SIP INVITE, ndikutsimikizira kuti satifiketiyo ndi yowona. Pambuyo pa izi kugwirizana kwakhazikitsidwa pakati pa olembetsa, ndipo phwando "lolandira" limalandira chidziwitso cha yemwe akumuyitana.

Njira yonse yotsimikizira ikhoza kuwonetsedwa pazithunzi zotsatirazi:

Malinga ndi akatswiri, kutsimikizira woyimba adzatenga osapitilira 100 milliseconds.

Maganizo

Kodi adazindikira ku USTelecom Association, SHAKEN/STIR ipatsa anthu mphamvu zowongolera mafoni omwe amalandila - kupangitsa kuti zikhale zosavuta kwa iwo kusankha ngati angatenge foni.

Werengani pa blog yathu:

• Botnet "spams" kudzera ma routers: zomwe muyenera kudziwa
• DDOS ndi 5G: "chitoliro" chochuluka chimatanthauza mavuto ambiri

Koma pali mgwirizano mumakampani kuti protocol sikhala chipolopolo chasiliva. Akatswiri amati scammers amangogwiritsa ntchito ma workaround. Spammers azitha kulembetsa PBX ya "dummy" mu netiweki ya opareshoni m'dzina la bungwe ndikuyimba mafoni onse kudzera pamenepo. Ngati PBX yatsekedwa, zitheka kungolembetsanso.

Ndi malinga ndi woimira imodzi mwama telecoms, kutsimikizira kosavuta kwa olembetsa pogwiritsa ntchito satifiketi sikukwanira. Kuti muyimitse anthu ochita chinyengo komanso otumizira ma spammers, muyenera kulola opereka chithandizo kuti aletse mafoni otere. Koma kuti izi zitheke, bungwe la Communications Commission liyenera kupanga malamulo atsopano omwe aziyendetsa ntchitoyi. Ndipo FCC ikhoza kuthana ndi nkhaniyi posachedwa.

Kuyambira chiyambi cha chaka, congressmen akulingalira lamulo latsopano lomwe lidzakakamize bungweli kuti likhazikitse njira zotetezera nzika ku ma robocall ndikuwunika kukhazikitsidwa kwa muyezo wa SHAKEN/STIR.

/flickr/ Jack Sem / CC BY

Ndizofunikira kudziwa kuti SHAKEN / STIR zakhazikitsidwa pa T-Mobile - pamitundu ina ya smartphone ndikukonzekera kukulitsa zida zothandizidwa - ndi Verizon - Makasitomala ake ogwiritsira ntchito amatha kutsitsa pulogalamu yapadera yomwe ingachenjeze za mafoni ochokera ku manambala okayikitsa. Ogwiritsa ntchito ena aku US akuyesabe ukadaulo. Akuyembekezeka kumaliza kuyesa kumapeto kwa 2019.

Zomwe mungawerenge mubulogu yathu pa Habré:

• Nkhondo Yopanda Ndandanda ya Net Ndi Mwayi Wobwereranso
• Mkhalidwe: Japan ikhoza kuchepetsa kutsitsa zomwe zili pa intaneti - tiyeni tiyang'ane ndikukambirana
• Muyezo watsopano wozikidwa pa PCIe 5.0 "ulumikiza" CPU ndi GPU - zomwe zimadziwika nazo

Source: www.habr.com