jm + cellphones   4

After years of warnings, mobile network hackers exploit SS7 flaws to drain bank accounts • The Register
Experts have been warning for years about security blunders in the Signaling System 7 protocol – the magic glue used by cellphone networks to communicate with each other. [...]

O2-Telefonica in Germany has confirmed to Süddeutsche Zeitung that some of its customers have had their bank accounts drained using a two-stage attack that exploits SS7.

In other words, thieves exploited SS7 to intercept two-factor authentication codes sent to online banking customers, allowing them to empty their accounts. The thefts occurred over the past few months, according to multiple sources.
o2  telefonica  germany  ss7  mobile  2fa  security  hacks  cellphones 
24 days ago by jm
Chinese cops cuff 1,500 in fake base station spam raid
The street finds its own uses for things, in this case Stinger/IMSI-catcher-type fake mobile-phone base stations:
Fake base stations are becoming a particularly popular modus operandi. Often concealed in a van or car, they are driven through city streets to spread their messages. The professional spammer in question charged 1,000 yuan (£100) to spam thousands of users in a radius of a few hundred metres. The pseudo-base station used could send out around 6,000 messages in just half an hour, the report said. Often such spammers are hired by local businessmen to promote their wares.


(via Bernard Tyers)
stingers  imsi-catcher  mobile-phones  mobile  cellphones  china  spam  via:bernard-tyers 
march 2014 by jm
Florida cops used IMSI catchers over 200 times without a warrant
Harris is the leading maker of [IMSI catchers aka "stingrays"] in the U.S., and the ACLU has long suspected that the company has been loaning the devices to police departments throughout the state for product testing and promotional purposes. As the court document notes in the 2008 case, “the Tallahassee Police Department is not the owner of the equipment.”

The ACLU now suspects these police departments may have all signed non-disclosure agreements with the vendor and used the agreement to avoid disclosing their use of the equipment to courts. “The police seem to have interpreted the agreement to bar them even from revealing their use of Stingrays to judges, who we usually rely on to provide oversight of police investigations,” the ACLU writes.
aclu  police  stingrays  imsi-catchers  privacy  cellphones  mobile-phones  security  wired 
march 2014 by jm
Ukrainian police use cellphones to track protestors, court order shows
Protesters for weeks had suspected that the government was using location data from cellphones near the demonstration to pinpoint people for political profiling, and they received alarming confirmation when a court formally ordered a telephone company to hand over such data. [...] Three cellphone companies — Kyivstar, MTS and Life — denied that they had provided the location data to the government or had sent the text messages. Kyivstar suggested that it was instead the work of a “pirate” cellphone tower set up in the area. In a ruling made public on Wednesday, a city court ordered Kyivstar to disclose to the police which cellphones were turned on during an antigovernment protest outside the courthouse on Jan. 10.
tech  location-tracking  tracking  privacy  ukraine  cellphones  mobile-phones  civil-liberties 
january 2014 by jm

Copy this bookmark:



description:


tags: