Comment by topspin

5 months ago

So if some rando were to just find one of these huge SIM farms, who could they call, and would anything be done?

With the number of radios seen in the photos from the original story, there must have been a great deal of SMS from that structure. That is very easy to spot with low cost equipment: a TinySA[1] and a directional antenna should be sufficient. Hams do "fox hunting" with similarly basic equipment.

Given the resources of cell operators, the most charitable explanation for how something like this can exist for more than a brief interval is total indifference.

[1] The more recent versions ($150+) are pretty powerful and can see all 4G/5G bands.

> Given the resources of cell operators, the most charitable explanation for how something like this can exist for more than a brief interval is total indifference.

And why should they care?

A paying customer is a paying customer, never mind the health and integrity of the public phone network (which coincidentally also serves as the primary identification and authentication method for ~everybody in the US).

  • These are by and large the same companies who created the caller ID forgery problem to save money when deploying VoIP around the turn of the century. Everyone technical knew that was a bad design but the executives were thinking exactly how you described it, collecting payments for all of that extra traffic until legislation became a risk.

    • Was there any specific bad design?

      As far as I understand it, it's more of the lack of a design (for authentication) that got us into all that trouble, similar to BGP, Email, and many other protocols that were originally designed with trusted counterparties in mind.

      It just so happened that the illusion of mutual trust broke down earlier in the Internet than it did in the international phone network. (Some even still believe in it to this day!)


SIM farms are probably against the ToS for most carriers, but otherwise they're not fundamentally problematic, just massively inefficient.