DOJ accuses Verizon and AT&T employees of participating in SIM-swap identity theft crimes

The DOJ has indicted three former Verizon and AT&T employees for alleged membership in a crime-ring known as the "The Community"; the indictment says the telco employees helped their confederates undertake "port-out" scams (AKA "SIM-swapping" AKA "SIM hijacking"), which allowed criminals to gain control over targets' phone numbers, thereby receiving SMS-based two-factor authentication codes. Read the rest

5G wireless may mess up weather forecasts

While 5G mobile networks promise to provide tremendous wireless speeds with low latency, they may also make it more difficult for meteorologists to provide weather forecasts. That's because 5G's neighboring frequencies are used by satellites that detect water vapor in the atmosphere, data that informs weather models used by meteorologists. From Nature:

Astronomers, meteorologists and other scientists have long worked to share the spectrum with other users, sometimes shifting to different frequencies to prevent conflicts. But “this is the first time we’ve seen a threat to what I’d call the crown jewels of our frequencies — the ones that we absolutely must defend come what may”, says Stephen English, a meteorologist at the European Centre for Medium-Range Weather Forecasts in Reading, UK.

They include the 23.8-gigahertz frequency, at which water vapour in the atmosphere emits a faint signal. Satellites, such as the European MetOp probes, monitor energy radiating from Earth at this frequency to assess humidity in the atmosphere below — measurements that can be taken during the day or at night, even if clouds are present. Forecasters feed these data into models to predict how storms and other weather systems will develop in the coming hours and days.

But a 5G station transmitting at nearly the same frequency will produce a signal that looks much like that of water vapour. “We wouldn’t know that that signal is not completely natural,” says Gerth.

Read the rest

Facebook forces you to expose your phone number to the whole world in order to turn on two-factor authentication

Last September, Facebook drew fire for abusing the phone numbers users provided for two-factor authentication messages, sending spam advertising messages over the same channel -- now, rather than reforming its ways, Facebook has doubled down on poisoning the security well, by adding a no-opt-out policy of allowing anyone in the world to search for you by phone number if you provide that number for two-factor auth. Read the rest

Google says it won't remove Saudi government app that lets men track and monitor their wives and domestic employees

Absher is a kind of Saudi equivalent to China's Weibo, an all-in-one service that manages payments, interaction with government services, and, key to the Saudi system of sadistic, totalitarian medieval patriarchy, it lets men track the whereabouts of their wives, daughters, and employees, sending alerts to "guardians" when women use their passports. Read the rest

FTC fines app TikTok/Musical.ly $5.7 million for child data privacy violations

Today's FTC ruling impacts how the TikTok app works for users under the age of 13.

Mobile apps built with Facebook's SDK secretly shovel mountains of personal information into the Zuckermouth

If you need to build an app quickly and easily, you might decide to use Facebook's SDK, which has lots of bells and whistles, including easy integration of Facebook ads in your app's UI. Read the rest

Bossfight: Allstate Insurance enters the Right to Repair fight, loans its lobbyists to fight Apple

The Right to Repair movement got state legislatures to consider more than a dozen Right to Repair bills last year, and have made great strides in the EU and elsewhere, but for every two steps forward they manage, they're forced a step or two back by giant corporate lobbyists, led by Apple, who want to ensure that third parties can't repair products, and that a manufacturer's decision it's time to retire a product from the market won't be challenged by independent repair depots. Read the rest

Ios and Android app stores both host Saudi government app that lets men track their spouses' movements

Senator Ron Wyden has publicly denounced both Apple and Google for hosting mobile apps that connect to Absher, a Saudi government service designed to allow Saudi men to track their spouses and employees' whereabouts at all times. Read the rest

Study shows that countries that permit Facebook's beloved "zero rating" programs end up with more expensive wireless data

Facebook loves "zero rating," when an internet provider takes bribes from online services to exempt them from data charges on their networks: Facebook says that having a roster of (Facebook-approved) services that are free-to-use benefits the poorest people in a country (and the fact that this also makes "Facebook" synonymous with "internet" for whole nations is merely incidental). Read the rest

Leak reveals that hundreds of bounty hunters have had access to super-fine-grained mobile location data for years

After a blockbuster report in Motherboard revealed that bounty hunters were able to buy realtime location data that originated with three of the four major cellular carriers (the exception is Verizon), the carriers scrambled to spin the news, insisting that the bounty hunter access represented a recent, small-scale aberration, but a new set of leaks reported on in Motherboard reveals that the practice has gone on for years, at industrial scale, and that the resellers who supplied bail bondsmen and other unsavory types in secret have changed names, but are still in business. Read the rest

Facebook cancels its all-spying, secret "research" program, Apple cancels Facebook's developer account

Yesterday, Techcruch published a deeply reported account of Facebook's "Project Atlas,", a "research" app whose users were paid up to $20/month (plus affiliate fees) to install on Ios devices, which exploited third parties with access to Apple's developer program to install a man-in-the-middle certificate that allowed Facebook to harvest every conceivable kind of data from its users' Iphones and other Ios devices. Read the rest

Project Atlas: Facebook has been secretly paying Iphone users to install an all-surveilling "VPN" app

The "Facebook Research" VPN is an app that circumvents Apple's ban on certain kinds of surveillance by cloaking itself as a beta app and distributing through the Applause, Betabound and Utest services, rather than Apple's App Store: users get up to $20/month, plus referral fees, to run the app, which comes with a man-in-the-middle certificate that lets Facebook intercept "private messages in social media apps, chats from in instant messaging apps – including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed." Read the rest

Major vulnerability in 5G means that anyone with $500 worth of gear can spy on a wide area's mobile activity

Stingrays (AKA IMSI catchers) are a widespread class of surveillance devices that target cellular phones by impersonating cellular towers to them (they're also called "cell-site simulators"). Read the rest

Australia may have just backdoored your mobile phone

A really bad new law in Australia gives police the right to force companies like Apple to 'backdoor', or create encryption circumvention alternatives, in all their products. The issue has been controversial in the U.S. for a long time, and spiked in 2016 after the mass shooting in San Bernardino. Read the rest

Android malware uses accelerometer readings to figure out if it was running on a real phone or in emulation

Malware authors have a problem: they want their software to run aggressively when no one is looking at it, but to shut down entirely if the device it's running on is actually in some malware researcher's lab. Read the rest

Vermont official fact-checks mobile carriers' coverage maps, proves they're lying like crazy

America's major cellular carriers publish maps showing that virtually the entire state is well-covered, with solid signals and 5MB/s internet speeds, but Vermonters know that this is totally untrue. Read the rest

Google Fi to carriers: don't sell our customers' location data to third parties

In the wake of this week's Motherboard scoop that the major US carriers sell customers' location data to marketing companies that sell it on to bounty hunters and other unsavory characters, Google has disclosed that they have told the carriers that supply service for its Google Fi mobile virtual network operator (MVNO) that they expect that Fi customers' data will not be sold this way. Read the rest

More posts