AI scammer posing as Marco Rubio targets officials in growing threat
Fake voice and text messages on Signal tricked senior leaders, as AI impersonation rises in global politics
I guess Signal's probably less-prone to letting attackers pose as other people than the phone system, but the phone system is abysmal.
Could probably benefit from some sort of trust system(s), like X.509 certs for organizations, or GPG keys for a distributed web of trust or something, and adoption of calling practices that aren't vulnerable to this. Needs to be a few simple steps that people can be told to follow, not a constantly moving target that requires information security familiarity.
Or you know... bear with me on this crazy idea (obviously for government not us), Maybe we need to... make sure government communication uses government infrastructure. Of which the government can directly trace, and identify who is in etc...
Nah
The fundamental flaw with the phone system is it's all or nothing. It's difficult to get in, but once you're in there's zero controls (DNS used to and somewhat still does also suffer from this).
STIR/SHAKEN should have resolved this. Unfortunately, telecom carriers didn't do the last step of banning any telco (mostly VoIP providers) prone to allowing scammer accounts in. They'd also have to filter US numbers calling in from other countries to validate and ensure they are real.
All of this being work, and telecoms, especially those in the US, hate doing work.
The phone system doesn't have a way to identify people other than Caller ID, and that's vulnerable to various forms of spoofing.
