Security News

The impersonation attack - named "IMPersonation Attacks in 4G NeTworks" - exploits the mutual authentication method used by the mobile phone and the network's base station to verify their respective identities to manipulate data packets in transit. The man-in-the-middle attack allows a hacker to impersonate a user towards the network and vice versa.

Researchers have found a way to impersonate mobile devices on 4G and 5G mobile networks, and are calling on operators and standards bodies to fix the flaw that caused it. Research into the vulnerability, conducted by academics at Ruhr Universität Bochum and New York University Abu Dhabi, is called Impersonation Attacks in 4G Networks, although deployment requirements for 5G networks mean that it could work on those newer systems too.

A group of researchers at Ruhr-Universität Bochum and NYU Abu Dhabi have discovered a new attack on 4G and 5G mobile networks that can be used to impersonate users. In IMP4GT attack, the researchers explain in a whitepaper, the impersonation can be conducted on either the uplink direction or the downlink direction.

Samsung has admitted that what it calls a "Small number" of users could indeed read other people's personal data following last week's unexplained Find my Mobile notification. Several Register readers wrote in to tell us that, after last Thursday's mystery push notification, they found strangers' personal data displayed to them.

Exploiting a vulnerability in the mobile communication standard LTE, researchers at Ruhr-Universität Bochum can impersonate mobile phone users. David Rupprecht and Dr. Katharina Kohls from the Chair of System Security developed attacks to exploit security gaps in the mobile phone standard LTE. "An attacker can book services, for example stream shows, but the owner of the attacked phone would have to pay for them," illustrates Professor Thorsten Holz from Horst Görtz Institute for IT Security, who discovered the vulnerability together with David Rupprecht, Dr. Katharina Kohls and Professor Christina Pöpper.

Cybercriminals targeted mobile banking users by sending malicious SMS messages to their smartphones as part of a phishing campaign to steal account holders' information, including usernames and passwords, according to the cybersecurity firm Lookout. More than 3,900 mobile banking app users of several Canadian and American banks fell victim to the SMS phishing attacks, which started in June 2019 and apparently recently ended, researchers at Lookout say in their new report.

iProov, a leading provider of biometric authentication technology, announces that its Verifier product is now available to organisations needing to verify customer identities in a host of new physical environments, including kiosks. iProov has revolutionised the process of remote identity authentication, enabling banks and governments to authenticate customers and citizens via mobile or online app for access to secure services.

A mobile phishing campaign that targeted customers of more than a dozen North American banks, including Chase, Royal Bank of Canada and TD Bank, managed to hook nearly 4,000 victims. The attacks used an automated SMS tool to blast bogus security text messages to mobile phone users between June and last month.

Keysight Technologies, a leading technology company that helps enterprises, service providers and governments accelerate innovation to connect and secure the world, announced an extended collaboration with Samsung Electronics' LSI Business, a global leader in semiconductor components and 5G technology, to validate dynamic spectrum sharing technology used in the smartphone maker's new 5G modem. Samsung has used Keysight's 5G network emulation solutions to accelerate the development of its radio frequency solution, Exynos RF 5510, as well as its newest 5G modem, Exynos Modem 5123, which supports DSS technology.

Mathew Marulla began leasing a Ford Focus electric vehicle in 2013, but turned the car back in to Ford at the end of his lease in 2016. Asked to comment on Marulla's experience, a spokesperson for Ford said all Ford dealerships are supposed to perform a "Master reset" as part of their used car checklist prior to the resale of a vehicle.