Security News

As many of our federal agencies have already recognized, TikTok is a major security risk to the United States, and it has no place on government devices. TikTok has tried to soothe US fears about censorship and national security risks, including a reported plan to spin TikTok off from its parent company.

US carriers haven't been doing enough to block robocalls, according to the Federal Communications Commission, so its chairman, Ajit Pai, has proposed a set of rules that would force carriers to block robocalls. In November 2018, Pai asked the phone carriers to adopt a technology framework called SHAKEN/STIR to help solve the problem.

Garrison is using ARM processor chips to create a hardware defense against data breaches and malware. Instead of relying on endpoint protection or user training to improve security, the UK-based security company Garrison wants to use hardware to prevent malware infections and data breaches.

Always stay alert to potential security attacks on mobile devices. Aaron Turner, president and chief security officer of Highside, a distributed identity and secure collaboration technology company, said hardened Android devices are preferred over iOS devices, because iOS devices rely on a single-point-of-failure security model and don't allow users to select which encryption roots their device trusts.

Voice commands encoded in ultrasonic waves can, best case scenario, silently activate a phone's digital assistant, and order it to do stuff like read out text messages and make phone calls, we're told. In the video demo below, a handset placed on a table wakes up after the voice assistant is activated by inaudible ultrasonic waves.

Microsoft has a neat web page that helps you get Outlook set up on your phone. Just like Italian security researcher Luca Epifanio, our first thought was, "What if someone decides to put in someone else's phone number and then spam them over and over and over again?".

An eavesdropper doesn't have to be logged into the target device's wireless network to exploit KrØØk. If successful, the miscreant can take repeated snapshots of the device's wireless traffic as if it were on an open and insecure Wi-Fi. These snapshots may contain things like URLs of requested websites, personal information in transit, and so on. When these disassociation packets are received, vulnerable Wi-Fi controllers - made by Broadcom and Cypress, and used in countless computers and gadgets - will overwrite the shared encryption key with the value zero.

The controversial surveillance program that gave the NSA access to the phone call records of millions of Americans has cost US taxpayers $100m - and resulted in just one useful lead over four years. It is perhaps no wonder that the NSA and the FBI has spent years stalling and refusing to hand over any information about the program.

A National Security Agency system that analyzed logs of Americans' domestic phone calls and text messages cost $100 million from 2015 to 2019, but yielded only a single significant investigation, according to a newly declassified study. Only twice during that four-year period did the program generate unique information that the F.B.I. did not already possess, said the study, which was produced by the Privacy and Civil Liberties Oversight Board and briefed to Congress on Tuesday.

Exploiting a vulnerability in the mobile communication standard LTE, researchers at Ruhr-Universität Bochum can impersonate mobile phone users. David Rupprecht and Dr. Katharina Kohls from the Chair of System Security developed attacks to exploit security gaps in the mobile phone standard LTE. "An attacker can book services, for example stream shows, but the owner of the attacked phone would have to pay for them," illustrates Professor Thorsten Holz from Horst Görtz Institute for IT Security, who discovered the vulnerability together with David Rupprecht, Dr. Katharina Kohls and Professor Christina Pöpper.