Security News

A new study by a team of university researchers in the UK has unveiled a host of privacy issues that arise from using Android smartphones. The researchers have focused on Samsung, Xiaomi, Realme, and Huawei Android devices, and LineageOS and /e/OS, two forks of Android that aim to offer long-term support and a de-Googled experience.

The Federal Communications Commission announced earlier this week that phone companies are now required to filter calls from providers who haven't complied with a deadline to block illegal robocalls expired on September 28th. They can only accept calls from voice service providers registered in the Robocall Mitigation Database who have implemented caller ID authentication technology for calls carried made over Internet Protocol networks or filed a robocall mitigation plan with the FCC. "This technology is critical to protecting Americans from scams using spoofed robocalls because it erodes the ability of callers to illegally spoof a caller ID, which scammers use to trick Americans into answering their phones when they shouldn't," the FCC explains. To make it easy to comply with this robocall blocking deadline, the FCC provides an email subscription service that telecom companies can use to keep track of changes to the Robocall Mitigation Database.

A large-scale malware campaign has infected more than 10 million Android devices from over 70 countries and likely stole hundreds of millions from its victims by subscribing to paid services without their knowledge. According to the researchers' estimates, the cybercriminals could steal millions in recurring payments every month from victims around the world.

Threat actors are targeting voice-over-Internet provider VoIP.ms with a DDoS attack and extorting the company to stop the assault that's severely disrupting the company's operation. On September 16th, 2021, VoIP.ms became the victim of a distributed denial-of-service attack targeting their infrastructure, including DNS name servers.

A Pakistani fraudster was sentenced to 12 years in prison earlier this week after AT&T, the world's largest telecommunications company, lost over $200 million after he and his co-conspirators coordinated a seven-year scheme that led to the fraudulent unlocking of almost 2 million phones. Throughout this operation, Muhammad Fahd - the scheme leader - bribed multiple AT&T employees to do his bidding, including unlocking phones, giving him access to their credentials, and installing malware that gave him remote access to the mobile carrier's servers.

The ringleader of a seven-year phone-unlocking and malware scheme will head to the clink for 12 years, according to the Department of Justice, after effectively compromising AT&T's internal networks to install credential-thieving malware. "Unlocking a phone effectively removes it from AT&T's network, thereby allowing the account holder to avoid having to pay AT&T for service or to make any payments for purchase of the phone," it said.

A Glasgow-based company is facing a £150,000 penalty handed down by the UK's data watchdog for making more than half a million nuisance calls about bogus green energy deals. The Information Commissioner's Office fined DialADeal Scotland Ltd after an investigation found that it had targeted numbers registered with the Telephone Preference Service where people had expressly withdrawn their consent to receive marketing calls.

The problem with copyright infringement notices is that if they're genuine, they can't just be ignored, because social media sites are obliged to try to resolve meaningful copyright complaints when they're received. They've copied a trick that tech support scammers have been using for years, and that some ransomware scammers have recently adopted, namely giving you a toll-free phone number to call for "Help".

"We solve something that had previously been thought impossible - achieving location privacy in mobile networks," said Paul Schmitt, an associate research scholar at the Center for Information Technology Policy at Princeton University, told The Register. In "Pretty Good Phone Privacy," [PDF] a paper scheduled to be presented on Thursday at the Usenix Security Symposium, Schmitt and Barath Raghavan, assistant professor of computer science at the University of Southern California, describe a way to re-engineer the mobile network software stack so that it doesn't betray the location of mobile network customers.

CIS Secure received approval from the National Telecommunications Security Working Group for its new Poly 8300 TSG conference phone. The Poly 8300 conference phone is designed to transform any small conference room hub into a TSG-protected secure collaboration space.