fbpx

Download free GDPR compliance checklist!

Tag Archives for " phone "

iPhone spyware lets police log suspects’ passcodes when cracking doesn’t work

A tool, previously unknown to the public, doesn’t have to crack the code that people use to unlock their phones. It just has to log the code as the user types it in.

The spyware has been available for about a year but this is the first time details of its existence have been reported, in part because of the non-disclosure agreements police departments sign when they buy a device from Grayshift known as GrayKey.

Source: iPhone spyware lets police log suspects’ passcodes when cracking doesn’t work

Geofence warrants: How police can use protesters’ phones against them

Rather than seeking warrants for a person backed up with probable cause, police have begun relying on geofence warrants that sweep up information on any device that happened to be in the vicinity of a crime.

Using these wide-ranging data requests, police often get information from companies like Google, collecting data on people who were in the area and almost all of whom are innocent. Police have used the tactic for serious cases like murder investigations, as well as nonviolent property crimes like burglaries.

Source: Geofence warrants: How police can use protesters’ phones against them – CNET

Warrant needed to search locked phones, US court rules

Thanks to the Fourth Amendment of the US Constitution and all the case law built upon it, police generally need a warrant to search your phone—and that includes just looking at the lock screen, a judge has ruled.

Generally, courts have held that law enforcement can compel you to use your body, such as your fingerprint (or your face), to unlock a phone but that they cannot compel you to share knowledge, such as a PIN. In this recent case, however, the FBI did not unlock the phone. Instead, they only looked at the phone’s lock screen for evidence.

Basically, the court ruled, the FBI pushing the button on the phone to activate the lock screen qualified as a search, regardless of the lock screen’s nature.

Source: Just turning your phone on qualifies as searching it, court rules | Ars Technica

WhatsApp Phone Numbers Pop Up in Google Search Results — But is it a Bug?

A researcher found that phone numbers tied to WhatsApp accounts are indexed publicly on Google Search creating what he claims is a “privacy issue” for users.

But WhatsApp owner Facebook says it is no big deal and that the search results only reveal what the users have chosen to make public anyway. Click to Chat offers websites an easy way to initiate a WhatsApp chat session with website visitors. It works by associating a Quick Response (QR) code image (created via third-party services) to a site owner’s WhatsApp mobile phone number.

The problem, Jayaram said, is that those mobile numbers can also turn up in Google Search results, because search engines index Click to Chat metadata. The phone numbers are revealed as part of a URL string (https://wa.me/<phone_number>) and so, this in effect “leaks” the mobile phone numbers of WhatsApp users in plaintext, according to the researcher’s view.

Source: WhatsApp Phone Numbers Pop Up in Google Search Results — But is it a Bug? | Threatpost

Apple iPhone mail app vulnerable to hacking

Apple’s built-in iPhone email app has a major security flaw, according to new research, allowing hackers to exploit an iPhone without victims knowing or even clicking on anything.

The discovery raises new questions about whether iPhones are safe to use, especially for people who may be targets of deep-pocketed hackers.

Source: Apple iPhone mail app vulnerable to hacking, new research says – The Washington Post

Trump signs TRACED Act

This week President Trump signed the first federal law designed to combat robocalls , giving federal agencies new abilities to go after illegal robocallers.

The Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED) imposes harsher fines of as much as $10,000 per call on robocallers who knowingly violate the rules.

Source: #Privacy: Trump signs TRACED Act

Chinese researchers reveal method to bypass biometric fingerprint scanners in smartphones

Chinese security researchers from X-Lab security at Tencent challenged fingerprint security in a presentation at the GeekPwn 2019 conference in Shanghai, writes Forbes. The team claims it can hack into almost any Android or iOS device in just about 20 minutes by using what appears to be a fairly simple fingerprint hacking method.

Without giving too many details about the actual technical approach to the audience, researchers used a smartphone to take a photo of fingerprints left on a glass and ran the photo through an app they developed. They were then able to gain access into three different phones equipped with different scanning technologies, one each with capacitive, optical, and ultrasonic sensors.

Source: Chinese researchers reveal method to bypass biometric fingerprint scanners in smartphones | Biometric Update

Using Cell Phone Numbers As A Secondary ID Can Pose Security Risks

Security experts say our growing reliance on cell phones to help confirm our identity online is motivating “SIM-swap” scams to highjack our numbers.

SIM-swap — a “social engineering” trick fraudsters use to take control of somebody else’s phone number. Once scammers control your number, they can get your text messages — including the verification codes many online services send when customers reset their passwords.

Source: Using Cell Phone Numbers As A Secondary ID Can Pose Security Risks, Experts Say : NPR

Remote Simjacking campaigns could disrupt SIM cards in 29 countries

Adaptive Mobile Security has published a new report detailing SimJacker attacks and the number of countries affected. The report identified 29 countries across five continents to which mobile operators ship SIM cards vulnerable to Simjacker attacks.

The countries include Mexico, Dominican Republic, Brazil, Peru, Saudi Arabia, Iraq, Italy, Bulgaria, Nigeria, Ivory Coast and more. Of the 29 countries, customers of a total of 61 mobile operators are currently using vulnerable SIMs with S@T Browser toolkit.

Source: #Privacy: Remote Simjacking campaigns could disrupt SIM cards in 29 countries

Phone numbers users provided for security Twitter used for ad

Twitter revealed Tuesday that it mishandled an unspecified number of users’ email addresses and phone numbers, allowing that data to be used “inadvertently” for advertising purposes.

The incident marks the latest security mishap for the social-networking company, but one that could carry with it some legal headaches. Federal regulators penalized Facebook earlier this year for a similar situation.

Source: Twitter security mishap: Users’ phone numbers were ‘inadvertently’ used for ad purposes – The Washington Post

1 2 3
>