Pinboard (jm)
https://pinboard.in/u:jm/public/
recent bookmarks from jmAfter years of warnings, mobile network hackers exploit SS7 flaws to drain bank accounts • The Register2017-05-03T20:52:38+00:00
https://www.theregister.co.uk/2017/05/03/hackers_fire_up_ss7_flaw/
jmExperts have been warning for years about security blunders in the Signaling System 7 protocol – the magic glue used by cellphone networks to communicate with each other. [...]
O2-Telefonica in Germany has confirmed to Süddeutsche Zeitung that some of its customers have had their bank accounts drained using a two-stage attack that exploits SS7.
In other words, thieves exploited SS7 to intercept two-factor authentication codes sent to online banking customers, allowing them to empty their accounts. The thefts occurred over the past few months, according to multiple sources.
]]>o2 telefonica germany ss7 mobile 2fa security hacks cellphoneshttps://pinboard.in/https://pinboard.in/u:jm/b:4c5723d5c61e/Chinese cops cuff 1,500 in fake base station spam raid2014-03-26T13:49:33+00:00
http://www.theregister.co.uk/2014/03/26/spam_text_china_clampdown_police/
jmFake base stations are becoming a particularly popular modus operandi. Often concealed in a van or car, they are driven through city streets to spread their messages. The professional spammer in question charged 1,000 yuan (£100) to spam thousands of users in a radius of a few hundred metres. The pseudo-base station used could send out around 6,000 messages in just half an hour, the report said. Often such spammers are hired by local businessmen to promote their wares.
(via Bernard Tyers)]]>stingers imsi-catcher mobile-phones mobile cellphones china spam via:bernard-tyershttps://pinboard.in/https://pinboard.in/u:jm/b:63f5ac87d836/Florida cops used IMSI catchers over 200 times without a warrant2014-03-05T15:46:27+00:00
http://www.wired.com/threatlevel/2014/03/stingray/
jmHarris is the leading maker of [IMSI catchers aka "stingrays"] in the U.S., and the ACLU has long suspected that the company has been loaning the devices to police departments throughout the state for product testing and promotional purposes. As the court document notes in the 2008 case, “the Tallahassee Police Department is not the owner of the equipment.”
The ACLU now suspects these police departments may have all signed non-disclosure agreements with the vendor and used the agreement to avoid disclosing their use of the equipment to courts. “The police seem to have interpreted the agreement to bar them even from revealing their use of Stingrays to judges, who we usually rely on to provide oversight of police investigations,” the ACLU writes.
]]>aclu police stingrays imsi-catchers privacy cellphones mobile-phones security wiredhttps://pinboard.in/https://pinboard.in/u:jm/b:f7f0b750798e/Ukrainian police use cellphones to track protestors, court order shows2014-01-30T18:09:12+00:00
http://arstechnica.com/tech-policy/2014/01/ukrainian-police-use-cellphones-to-track-protestors-court-order-shows/
jmProtesters for weeks had suspected that the government was using location data from cellphones near the demonstration to pinpoint people for political profiling, and they received alarming confirmation when a court formally ordered a telephone company to hand over such data. [...] Three cellphone companies — Kyivstar, MTS and Life — denied that they had provided the location data to the government or had sent the text messages. Kyivstar suggested that it was instead the work of a “pirate” cellphone tower set up in the area. In a ruling made public on Wednesday, a city court ordered Kyivstar to disclose to the police which cellphones were turned on during an antigovernment protest outside the courthouse on Jan. 10.
]]>tech location-tracking tracking privacy ukraine cellphones mobile-phones civil-libertieshttps://pinboard.in/https://pinboard.in/u:jm/b:9b5c8c6e2101/