Security News
The boffins' research paper, "Three Years Later: A Study of MAC Address Randomization In Mobile Devices And When It Succeeds," is scheduled to be presented at PETS, the Privacy Enhancing Technologies Symposium, in July, even though it will be four years later than the initial project [PDF]. Written by Naval Academy researchers Ellis Fenske, Dane Brown, Jeremy Martin, Travis Mayberry, Peter Ryan, and Erik Rye, the paper describes the analysis of 160 mobile phones and the extent to which these devices employ MAC address randomization to mitigate tracking vulnerabilities.
For Teams users, the new packages are specifically designed to complete the essential functionality of a fully integrated cloud communications platform by adding Unite's enterprise-grade business phone features to the Microsoft Teams business collaboration suite. This package is designed for business customers that are already using Teams for collaboration, but need the essential telephony features of a more robust business phone system.
In a research report published Thursday, cyber threat intelligence provider Check Point Research revealed certain details on a flaw it identified in 2020 in Qualcomm mobile station modem chips, including ones used in 5G devices. Mobile phone makers must apply the patch and roll out the fix to users, which means that any device not yet updated would still be vulnerable.
A high severity security vulnerability found in Qualcomm's Mobile Station Modem chips could enable attackers to access mobile phone users' text messages, call history, and listen in on their conversations. Qualcomm MSM is a series of 2G, 3G, 4G, and 5G capable system on chips used in roughly 40% of mobile phones by multiple vendors, including Samsung, Google, LG, OnePlus, and Xiaomi.
A Reg reader recreated this scene in real life using his Samsung Galaxy A20 phone - and the severed tip of his index finger, parted from his hand thanks to an industrial accident involving a crane. "I extracted from its grave of medicinal alcohol, dried it off and... eureka! ... managed to register my dead finger on my phone."
A new academic study has highlighted a number of privacy and security pitfalls associated with recycling mobile phone numbers that could be abused to stage a variety of exploits, including account takeovers, conduct phishing and spam attacks, and even prevent victims from signing up for online services. Nearly 66% of the recycled numbers that were sampled were found to be tied to previous owners' online accounts at popular websites, potentially enabling account hijacks by simply recovering the accounts tied to those numbers.
After Faïd's helicopter breakout, 3,000 police officers took part in the manhunt. According to the 2019 documentary La Traque de Rédoine Faïd, detective units scoured records of cell phones used during his escape, isolating a handful of numbers active at the time that went silent shortly thereafter.
Maybe it's sending personal texts or emails from your work phone, editing personal documents or photos on your work laptop, or joining a virtual happy hour with friends from your work tablet. At least the potentially more hazardous activities, such as storing personal data on your work machine or storying sensitive company data on your personal devices.
It is possible to hijack and manipulate Cellebrite's phone-probing software tools by placing a specially crafted file on your handset, it is claimed. Signal app supremo Moxie Marlinspike said in an advisory on Wednesday that he managed to get his hands on some of Cellebrite's gear, which is typically used by cops, government agents, big biz, and authoritarian regimes to forcibly access the contents of physically seized smartphones.
"The two aforementioned WhatsApp vulnerabilities would have made it possible for attackers to remotely collect TLS cryptographic material for TLS 1.3 and TLS 1.2 sessions," researchers from Census Labs said today. "With the TLS secrets at hand, we will demonstrate how a man-in-the-middle attack can lead to the compromise of WhatsApp communications, to remote code execution on the victim device and to the extraction of Noise protocol keys used for end-to-end encryption in user communications."