The Catalan independence movement is being coordinated by an app designed for revolutions

Tsunami Democràtic is a radical, decentralized wing of the resurgent Catalan independence movement, centered around an anonymously authored app designed to coordinate revolutionary uprisings. Read the rest

WhatsApp fixes security bug that let hackers take over with a GIF

A spokesperson for the Facebook-owned WhatsApp says the company has fixed a security vulnerability that let hackers take control of the messaging app by way of a malicious GIF. Read the rest

Checkm8: an "unstoppable" Iphone jailbreaking crack

Last month, a developer called Axi0mx released an Iphone crack called Checkm8, which attacks a defect in the Ios bootrom, a low-level piece of code that has not been successfully attacked since 2010. The bootrom is read-only, making its defects effectively unpatchable, short of removing the chip and swapping it for one with more robust code (the attack also works on version 1, 2 and 3 Apple Watches). Read the rest

Son of Ghostnet: the mobile malware that targets Tibetans abroad

Citizen Lab (previously) is one of the world's top research institutions documenting cyber-attacks against citizen groups, human rights activists, journalists and others; ten years ago, they made their reputation by breaking a giant story about "Ghostnet," malicious software that the Chinese state used to convert the computers of the world's Tibetan embassies into spying devices. Read the rest

This is your smartphone on feminism

Maria Farrell admits that comparing smartphones to abusive men (they try to keep you from friends and family, they make it hard to study or go to work, they constantly follow you and check up on you) might seem to trivialize domestic partner violence, but, as she points out, feminists have long been pointing out both the literal and metaphorical ways in which tech replicates misogyny. Read the rest

Alex Stamos schools Apple after they whine about Google revealing a whack of Ios zero-days

Early this month, Google's Project Zero revealed a breathtaking attack on multiple OSes, including Apple's Ios, in which a website that served Uyghur people was found to be hosting at least five different kinds of Ios malware that exploited previously unknown defects in Apple's code (the attack is presumed to have been the work of the Chinese state, which has been prosecuting a genocidal campaign against Uyghurs, whose high-tech fillips have seen both cities and apps suborned to aid in the pogrom). Read the rest

Purism starts shipping its Librem 5 open/free phone

Purism (previously) is a company that crowdfunds free/open laptops and phones whose design goal is to have no proprietary software, even at the lowest levels. The company is best known for its Purism laptops, and I'm very fond of mine (it didn't end up replacing my Thinkpad, only because I'm addicted to the trackpoint for mousing, and trackpads give me raging RSI) (that said, getting any GNU/Linux to run on a current-model Thinkpad is so hard and results in such a rotten experience that I'm reconsidering whether to switch back). Read the rest

DOJ indicts man for paying AT&T employees to help him unlock millions of customers' phones

When Congress legalized phone unlocking in 2014, they added a bunch of carve-outs that let phone companies veto your attempt to unlock your phone, with the big one being that you couldn't unlock your phone while you were still in a contract that provided it to you at a reduced price. Read the rest

DOJ approves $26 billion T-Mobile and Sprint deal

Well, it's finally official. After more than a year in regulatory limbo, The United States Justice Department has approved a $26 billion dollar deal between mobile carriers T-Mobile and Sprint. Read the rest

Mega Mobile Merger: $26 billion Sprint and T-Mobile deal to be approved by Justice Department on Friday

The Justice Department is expected to approve a $26 billion deal between mobile carriers Sprint and T-Mobile on Friday. Read the rest

EFF publishes an indispensable, plain-language guide to "cell-site simulators": the surveillance devices that track you via your phone

In 2012, the Wall Street Journal first reported on a mysterious cellphone surveillance tool being used by law-enforcement; years later, we learned that the origin of this report was an obsessive jailhouse lawyer who didn't believe that the cops had caught him the way they said they had. Read the rest

Chinese authorities are secretly installing their anti-Uyghur surveillance app on the phones of tourists to Xinjiang province

Back in 2017, Chinese authorities in Xinjiang began stopping members of the Uyghur ethnic minority and forcing them to install spyware on their phones: it marked an intensification of the country's crackdown on Uyghur's and other ethnic/religious minorities, which acquired a new technological fervor: next came the nonconsensual collection of the DNA of every person in Xinjiang, then the creation of torture camps designed to brainwash Uyghurs out of their Islamic faith, and then a full blown surveillance smart-city rollout that turned the cities of the region into open-air prisons. Read the rest

Mary Meeker's 2019 Internet Trends: stalled growth, security dumpster-fires, more online education and fear of regulation

Every year, VC Mary Meeker (previously) publishes her must-read Internet Trends Report, which comes as a powerpoint deck with hundreds of slides (you can watch her power through them in 30 minutes flat at the Re-Code conference). Read the rest

In less than one second, a malicious web-page can uniquely fingerprint an Iphone, Pixel 2 or Pixel 3 without any explicit user interaction

In a new paper for IEEE Security, a trio of researchers (two from Cambridge, one from private industry) identify a de-anonymizing attack on Iphones that exploits minute differences in sensor calibration: an Iphone user who visits a webpage running the attack code can have their phone uniquely identified in less than a second, through queries to the sensors made through automated background processes running on the page. Read the rest

DOJ accuses Verizon and AT&T employees of participating in SIM-swap identity theft crimes

The DOJ has indicted three former Verizon and AT&T employees for alleged membership in a crime-ring known as the "The Community"; the indictment says the telco employees helped their confederates undertake "port-out" scams (AKA "SIM-swapping" AKA "SIM hijacking"), which allowed criminals to gain control over targets' phone numbers, thereby receiving SMS-based two-factor authentication codes. Read the rest

5G wireless may mess up weather forecasts

While 5G mobile networks promise to provide tremendous wireless speeds with low latency, they may also make it more difficult for meteorologists to provide weather forecasts. That's because 5G's neighboring frequencies are used by satellites that detect water vapor in the atmosphere, data that informs weather models used by meteorologists. From Nature:

Astronomers, meteorologists and other scientists have long worked to share the spectrum with other users, sometimes shifting to different frequencies to prevent conflicts. But “this is the first time we’ve seen a threat to what I’d call the crown jewels of our frequencies — the ones that we absolutely must defend come what may”, says Stephen English, a meteorologist at the European Centre for Medium-Range Weather Forecasts in Reading, UK.

They include the 23.8-gigahertz frequency, at which water vapour in the atmosphere emits a faint signal. Satellites, such as the European MetOp probes, monitor energy radiating from Earth at this frequency to assess humidity in the atmosphere below — measurements that can be taken during the day or at night, even if clouds are present. Forecasters feed these data into models to predict how storms and other weather systems will develop in the coming hours and days.

But a 5G station transmitting at nearly the same frequency will produce a signal that looks much like that of water vapour. “We wouldn’t know that that signal is not completely natural,” says Gerth.

Read the rest

Facebook forces you to expose your phone number to the whole world in order to turn on two-factor authentication

Last September, Facebook drew fire for abusing the phone numbers users provided for two-factor authentication messages, sending spam advertising messages over the same channel -- now, rather than reforming its ways, Facebook has doubled down on poisoning the security well, by adding a no-opt-out policy of allowing anyone in the world to search for you by phone number if you provide that number for two-factor auth. Read the rest

More posts