stories filed under: "calls"

VoLTE Flaw Lets A Hacker Spy On Encrypted Communications For A Measly $7,000

from the time-to-take-a-broader-view dept

Mon, Aug 24th 2020 6:23am — Karl Bode

As we've noted, much of the hysteria surrounding TikTok isn't based on anything close to consistent outrage. As in, many of the folks freaking out about a teen dancing app were nowhere to be found when U.S. wireless carriers were found to be selling access to your location data to any random idiot. Most of the folks pearl clutching about TikTok have opposed election security funding or even the most basic of privacy rules. The SS7 flaw that makes most wireless networks vulnerable to eavesdropping ? The lack of any security or privacy safeguards in the internet of things (IOT) space?

Which is all a long way of saying: if you're going to lose sleep over TikTok, you'll be shocked to learn there's an ocean of issues that folks are paying absolutely no attention to. Or, to put it another way, TikTok is probably the very least of a long list of problems related to keeping U.S. data secure.

The latest case in point: a report last week noted how with around $7,000 worth of gear, a marginally competent person could eavesdrop on voice over LTE (VoLTE) communications, even though these transmissions are purportedly encrypted:

"Their technique, dubbed ReVoLTE, uses a software-defined radio to pull the signal a carrier’s base station transmits to a phone of an attacker’s choosing, as long as the attacker is connected to the same cell tower (typically within a few hundred meters to few kilometers) and knows the phone number. Because of an error in the way many carriers implement VoLTE, the attack converts cryptographically scrambled data into unencrypted sound. The result is a threat to the privacy of a growing segment of cell phone users. The cost: about $7,000."

It doesn't take that much work to fix the vulnerability, but many wireless carriers are expected to lag in fix implementation:

"With more than 120 providers around the world and over 1,200 different device types supporting VoLTE, it will likely take more time for the eavesdropping weakness to be fully eradicated.

“However, we need to consider a large number of providers worldwide and their large deployments,” the researchers wrote. “It is thus crucial to raise awareness about the vulnerability."

And while the attack requires some degree of finesse and good timing, it's yet another indication that our very basic communications infrastructure isn't half as secure as we like to pretend it is. The report came on the heels of another report indicating that it didn't take much work to spy on much of our satellite communications infrastructure despite these attacks being known about for the better part of the last fifteen years. Then there's the SS7 flaw in most major wireless networks which allows for covert spying of wireless transmission and has been known about for nearly as long.

Which again is a long way of saying that if we genuinely cared about U.S. data privacy and security in the face of hostile global actors, we'd do a hell of a lot better job shoring up basic infrastructure and infrastructure security. Instead we get (waves in the general direction of the TikTok Microsoft kerfuffle) whatever all of this is supposed to accomplish.

Filed Under: calls, encryption, revolte, security, volte

17 Comments

Verizon Won't Complete Calls For Galaxy Note 7 Owners Who Refuse To Return The Flawed Device

(Mis)Uses of Technology

from the spontaneous-combustion dept

Thu, Jan 19th 2017 9:34am — Karl Bode

Most of you recall that Samsung's Galaxy Note 7 suffered a bit of a problem with spontaneously combusting. That led to months of horrible press and an FAA ban on taking the device on airplanes. You might also recall that Samsung exponentially amplified its own PR disaster by then issuing a replacement phone that suffered from the exact same problem. Since then, carriers have been passing on a Samsung update that effectively bricks the device, preventing users from recharging the device. Most users have traded in the device for, you know, something that doesn't explode.

But there remain a few thousand Galaxy Note 7 owners that for whatever reason have chosen to ignore Samsung and the formal recall by the US Consumer Product Safety Commission. According to Verizon, there are still "thousands" of users on their network who continue to use the device, refusing to install the update that would render the device inoperable:

"In spite of our best efforts, there are still customers using the recalled phones who have not returned or exchanged their Note 7 to the point of purchase," a Verizon spokeswoman tells Fortune. "The recalled Note 7s pose a safety risk to our customers and those around them."

Interestingly, Verizon was initially the only wireless provider that refused to pass on the bricking update, insisting they didn't want to leave customers stranded for the holidays (despite the fact said users could have swapped out the device for free at any time). But Verizon has since taken a notably harder stance on the safety issues created by the device. As such, they've announced that they'll now refuse to connect any of the non-911 calls made via the Galaxy Note 7, instead routing every call to Verizon's customer service department:

"So now Verizon is going to go even further, putting the phones in a special category so that all outgoing calls not directed toward the 911 emergency service will only connect to customer service. Because Note 7 users have also already been reimbursed for the cost of the long-since recalled Note 7, Verizon is also saying it might bill the holdouts for the full retail cost of the phone."

It's a curious predicament. On the one hand, you can't feel particularly bad for customers who knowingly refuse to trade in a device that could spontaneously explode, hurting themselves or others in the process. On the other hand, these users are supposed to technically "own" this device, which a carrier is now refusing to connect to the network. And while users on device payment plans may technically still owe Verizon money for the device in Verizon's billing systems, users are arguing that Samsung has already reimbursed Verizon for these devices in the wake of the recall.

Verizon insists it needs to disable the device for public safety (though liability could still be a motivator), while Galaxy Note 7 owners apparently believe they have every right to be stupid, self-immolation be damned.

Filed Under: batteries, calls, exploding, galaxy note 7
Companies: verizon

31 Comments

Prison Telecom Monopolies 'Evolve,' Now Rip Off Inmate Families With Shoddy Video Services, Too

(Mis)Uses of Technology

from the truly-captive-markets dept

Thu, May 12th 2016 2:01pm — Karl Bode

We've noted a few times how interstate inmate calling service (ICS) companies have a disturbingly cozy relationship with government, striking (technically buying) monopoly deals that let them charge inmate families $14 per minute. Worse, some ICS companies like Securus Technologies have been under fire for helping the government spy on privileged inmate attorney communications, information that was only revealed after Securus was hacked late last year. Given the apathy for prison inmates and their families ("Iff'n ya don't like high prices, don't go to prison son!") reform on this front has been glacial at best.

As such, ripping off inmate families and delivering sub-par services continues unabated. As many prisons eliminate personal visits, these ICS firms have expanded revenues by pretending to offer next-generation teleconferencing services. But while slightly more economical ($10 for 20 minutes), apparently companies like Securus with no competitors, a captive audience, and no repercussions for sloppy technology haven't quite figured out how to make this whole video chat thing work yet. As a result, inmates who use the services say their experiences are repeatedly abysmal:

"Johnson logged into the Securus Technologies website — a Skype-like communication system used by the Travis County jail — on her PC laptop. But the video player didn't have the latest version of Java. When Johnson installed it, the system insisted she had not. So Johnson tried another laptop — a MacBook this time. Java was working this time, Flash was not.

Thinking the browser might be the problem, Johnson tried launching the video player in Chrome, then switched to Safari before giving up and using the Securus Android app on her phone.

Finally, Coleman's face appeared on screen — barely. For the entire call, a glitch in the system caused Coleman's image to look like a tangle of window blinds. Johnson wanted to talk to Coleman about her case, but through most of the call, she simply repeated, "Hello — can you hear me now?" Johnson was charged $10 for the video visit, even after cutting it a few minutes short of the 20-minute maximum."

In short, Securus is the Comcast of the industrial incarceration sector, and as a result customer support and service is about what you'd expect. 600 prisons in 46 states now have video visitation, and more prisons are doing away with in site visitations monthly, creating yet more revenue opportunities for ICS outfits. Reformers have been arguing that cutting off in-person visitation increases on-site violence by frustrated inmates, and hindering an inmate's ability to maintain outside connections (kind of hard when your wife and child look like pixelated Godzilla) increases the risk of repeat incarceration:

"County officials across the country claim video visitation is good for security. When Renaud got ahold of prison records, they showed that incidences of inmate-on-inmate violence, disciplinary infractions and possession of contraband all rose after Travis County did away with in-person visitation. Because visitation is so new, these statistics are the earliest indication that the pro-security pitch for video visitation is all snake oil.

The past decade in research shows consistently (pdf) that maintaining the relationships the incarcerated will inevitably return to for support once they're released is a powerful agent in keeping them from repeat offenses. One study of over 16,000 incarcerated people found that any visitation at all, even just once, reduced the risk of recidivism by 13% for felony reconvictions."

The problem is that the dysfunction of prison telecom goes bone deep, and reform efforts remain superficial at best. After decades of inaction, the FCC recently tried to impose new price caps of twenty-two cents per minute on ICS companies, but those rules are on hold thanks to a lawsuit from prison telecom operators like Securus that claim prisons face riots if companies can't keep charging consistent rates.

But the core problem remains that such companies get to pay "concession fees" or "site commissions" (read: kickbacks) to prisons for monopoly control over prison inmate communications services. Prisons are paid $460 million annually in such concession fees, and Los Angeles makes $15 million annually off of such fees alone. Obviously that kind of cash quickly kills any attempt at real reform, so not unlike the outside world, prison telecom services remain an ouroboros of profitable dysfunction; a government-sanctioned monopoly with very real human costs, one nobody in the supply chain wants to even examine, much less actually fix.

Filed Under: calls, captive audience, inmates, prison, video, visitation
Companies: securus

20 Comments

Internet Slowdown Protests Drove Over 300,000 Calls & 2 Million Emails To Congress, Plus Another 700,000 FCC Comments

Say That Again

from the but-still-some-want-to-dismiss-it dept

Thu, Sep 11th 2014 2:42pm — Mike Masnick

In discussing yesterday's internet slowdown day protest, we noted that, at its peak, the effort was driving over 1,000 calls per minute to Congress. The final numbers are now in, and they're amazing.

If you can't see the image, it shows 303,099 calls made to Congress, 2,167,092 emails sent to Congress, and another 722,364 comments filed with the FCC. If you want to file comments with the FCC (you can read ours, if you'd like a sample) I recommend using EFF's DearFCC.org website.

What's amazing is how quick some folks have been to try to dismiss this massively successful effort. The most hilarious of all has to be Newsweek (the same publication that recently outed the wrong Satoshi Nakamoto as the "creator" of Bitcoin), whose Lauren Walker seemed so anxious to slam the protests as meaningless that she wrote a hilariously wrong article suggesting no one really participated in the protests, and that even the activists are conceding that net neutrality is dead.

Walker uses the weak premise that so many cynical tech press folks have used in the past few years: if an online protest doesn't match the astounding numbers from the giant anti-SOPA/PIPA internet "blackout," then clearly it's a failure. That's a dumb hacky premise, but hacky reporters keep jumping on it. Even worse, however, is that (beyond misquoting Fight for the Future's Evan Greer), Walker insists that the protest fizzled because very few sites took part, and those that did probably didn't drive anyone to do anything. She reports none of the numbers above, and totally incorrectly claims that just 76 websites participated. The number was actually more than 10,000. Reporting!

Either way, the effort yesterday has to be seen as a huge success in driving awareness on the issue and also in letting DC know that the public really cares about this issue. And, now, we wait to see if the FCC will actually listen to those pleas.

Filed Under: calls, congress, fcc, internet slowdown day, net neutrality, open internet, protests

29 Comments

Internet Slowdown Day Generated 1,000 Calls Per Minute To Congress

Say That Again

from the nice-work... dept

Wed, Sep 10th 2014 8:38pm — Mike Masnick

A brief update on how the Internet Slowdown Day effort went, in case you missed it. Tons of sites jumped on board, including my favorite, Clickhole (The Onion's lovingly wonderful attempt to satirize clickbait sites), which showed off images of koalas that refused to load to in an effort to call for net neutrality... With the effort on so many different websites, reports are that, at its peak, there were over a thousand calls per minute going into the Congressional switchboard, which is a huge deal. Many in Congress are indicating that their offices are getting swamped with calls.

The main act is over at the FCC, but not in Congress (mainly because Congress has no desire to get anywhere near reforming the Telecommunications Act, as it should). However, a big part of the issue at the FCC is the political fight that it will set off no matter what decision it eventually comes to. The more Congress realizes that the public really supports an open and neutral internet, the more likely it is that the FCC will have the political cover to do what's right. This is good news. Again, if you're still trying to understand all this net neutrality stuff, we've got a big primer to check out.

Filed Under: activism, calls, internet slowdown day, net neutrality, open internet

62 Comments

Phone Calls Are So Last Century

(Mis)Uses of Technology

from the keep-up-with-the-times dept

Thu, Mar 24th 2011 7:07am — Mike Masnick

A month or so ago, a friend of mine asked if I could do a favor (helping point someone in the right direction for a job) for someone -- a relative of a friend of my friend, so this was pretty distant. There was an email introduction, and a request to talk by phone so I could learn a bit more about this person in order to actually help. I noted that I was busy over the next few days, but had some open time on a Thursday morning or Friday afternoon, expecting, as usually seems to happen in these cases, that they'd come back with some specific times. Instead, the person emailed "great, give me your phone number and I'll call when available." I found myself immediately uninterested. Something in the back of my brain said "if this person doesn't respect my time enough to actually set a specific time, but would prefer to just interrupt me at random, then I'm going to pass on helping here." I don't know if that's a rude response -- perhaps it is -- but it's what I felt. And it was at that point that I realized how rare it is that I'll accept or make unexpected or unplanned phone calls, with the exception of my wife and my parents (and potentially some work-related "emergency.") There are a few very close, long-term friends that I'll call every so often, but I really haven't done that in a while, and I feel a bit awkward about doing it these days. I still talk on the phone for meetings, but always at set times.

Apparently, I'm not the only person who feels this way. Many people are realizing that random phone calls are just not considered polite any more. They're somewhat interruptive and can be annoying. What strikes me as really interesting is that this isn't a case of just the "younger generation" feeling this way -- but it's actually true of many older people as well.

I find this interesting for any number of reasons, including how counterintuitive it may actually be. These days, people have phones with them at all times. In the past, when most people didn't have mobile phones, such random calls were more common. And you might assume that our greater access to telephony would mean greater desire to make calls. Now, obviously, a big part of the reason for making calls has been replaced by (mostly text-based) alternative means, such as email, text messaging and social networks. But, I'd argue that the greater access also makes us more wary in general. For example, I was thinking about calling a friend recently, who I hadn't spoken to in a while, but realized it would be his mobile phone, and what if he was out with his wife and kids, and I didn't want to interrupt that.

It's kind of an interesting phenomenon, which makes me wonder if the idea of personal voice calls was really just a temporary slice of time that is going entirely out of style. Perhaps there will be some sort of quaint revival, like the idea that people have of writing paper letters to each other these days as being more "personal," but the whole phenomenon of the random personal phone call is pretty much becoming a thing of the past.

Filed Under: calls, phones, talking

87 Comments

Winner Of $10k From Apple Hung Up, Assuming It Was A Prank Call Or A Sales Call

Too Much Free Time

from the well-trained dept

Tue, Jan 25th 2011 4:05am — Mike Masnick

If someone calls you up, claiming to be from Apple and telling you that you've won $10,000 for downloading the 10 billionth app in the iTunes App Store, you'd probably think it was a scam too. That's certainly what Gail Davis in the UK thought when it happened to her -- except that it actually turned out to be real. All I can say is kudos to Ms. Davis for recognizing just how unlikely the story was... and for then taking the second call and realizing it was actually true.

Filed Under: calls, itunes, prizes
Companies: apple

23 Comments

Follow Techdirt

Essential Reading

The Techdirt Greenhouse

Read the latest posts:

read all »

Techdirt Deals

Report this ad | Hide Techdirt ads

Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Older Stuff

Thursday
13:33	Former Employees Say Mossad Members Dropped By NSO Officers To Run Off-The-Books Phone Hacks (2)
12:01	No, Creating An NFT Of The Video Of A Horrific Shooting Will Not Get It Removed From The Internet (18)
10:49	San Francisco Cops Are Running Rape Victims' DNA Through Criminal Databases Because What Even The Fuck (18)
10:44	Daily Deal: The Complete 2022 Java Coder Bundle (0)
09:31	As Expected, Trump's Social Network Is Rapidly Banning Users It Doesn't Like, Without Telling Them Why (44)
06:30	Comcast Continues To Bleed Olympics Viewers After Years Of Bumbling (19)
Wednesday
20:42	Apple Finally Defeats Dumb Diverse Emoji Lawsuit One Year Later (6)
15:39	Clearview Pitch Deck Says It's Aiming For A 100 Billion Image Database, Restarting Sales To The Private Sector (10)
13:41	Peloton Outage Prevents Customers From Using $2,500 Exercise Bikes (16)
12:09	The GOP Knows That The Dem's Antitrust Efforts Have A Content Moderation Trojan Horse; Why Don't The Dems? (16)
10:51	Hertz Ordered To Tell Court How Many Thousands Of Renters It Falsely Accuses Of Theft Every Year (24)
09:21	Even As Trump Relies On Section 230 For Truth Social, He's Claiming In Lawsuits That It's Unconstitutional (34)
06:16	Medical, Home Alarm Industries Warn Of Major Outages As AT&T Shuts Down 3G Network (25)
Tuesday
20:37	Video Game History Foundation: Nintendo Actions 'Actively Destructive To Video Game History' (29)
15:35	Massachusetts Court Says No Expectation Of Privacy In Social Media Posts Unwittingly Shared With An Undercover Cop (17)
13:30	Techdirt Podcast Episode 312: Regulating The Internet (2)
12:03	US Copyright Office Gets It Right (Again): AI-Generated Works Do Not Get A Copyright Monopoly (60)
10:42	LA Sheriff Threatens To 'Subject' City Council To 'Defamation Law' If They Won't Stop Calling His Deputies 'Gang Members' (20)
10:37	Daily Deal: codeSpark Academy Sibling Bundle (0)
09:25	Trump's Truth Social Bakes Section 230 Directly Into Its Terms, So Apparently Trump Now Likes Section 230 (128)
06:22	15 Years Late, The FCC Cracks Down On Broadband Apartment Monopolies (31)
Sunday
12:05	Funniest/Most Insightful Comments Of The Week At Techdirt (11)
Saturday
12:00	This Week In Techdirt History: February 13th - 19th (1)
Friday
19:39	Letter From High-Ranking FBI Lawyer Tells Prosecutors How To Avoid Court Scrutiny Of Firearms Analysis Junk Science (25)
15:52	Nintendo Is Beginning To Look Like The Disney Of The Video Game Industry (44)
13:49	Seattle Public Radio Station Manages To Partially Brick Area Mazdas Using Nothing More Than Some Image Files (44)
12:13	Thankfully, Jay Inslee's Unconstitutional Bill To Criminalize Political Speech Dies In The Washington Senate (8)
10:52	How Our Convoluted Copyright Regime Explains Why Spotify Chose Joe Rogan Over Neil Young (136)
10:47	Daily Deal: The Complete Blocs Website Builder Bundle (0)
09:33	Arizona Prosecutor Who Brought Bogus Gang Charges Against Protesters Files Ridiculous Defamation Suit Against Her Boss (12)

VoLTE Flaw Lets A Hacker Spy On Encrypted Communications For A Measly $7,000

from the time-to-take-a-broader-view dept

Verizon Won't Complete Calls For Galaxy Note 7 Owners Who Refuse To Return The Flawed Device

from the spontaneous-combustion dept

Prison Telecom Monopolies 'Evolve,' Now Rip Off Inmate Families With Shoddy Video Services, Too

from the truly-captive-markets dept

Internet Slowdown Protests Drove Over 300,000 Calls & 2 Million Emails To Congress, Plus Another 700,000 FCC Comments

from the but-still-some-want-to-dismiss-it dept

Internet Slowdown Day Generated 1,000 Calls Per Minute To Congress

from the nice-work... dept

Phone Calls Are So Last Century

from the keep-up-with-the-times dept

Winner Of $10k From Apple Hung Up, Assuming It Was A Prank Call Or A Sales Call

from the well-trained dept

The Techdirt Greenhouse

Thursday

Wednesday

Tuesday

Sunday

Saturday

Friday

More

Tools & Services

Company

Contact

More

from the time-to-take-a-broader-view dept

from the spontaneous-combustion dept

from the truly-captive-markets dept

from the but-still-some-want-to-dismiss-it dept

from the nice-work... dept

from the keep-up-with-the-times dept

from the well-trained dept

Techdirt Daily Newsletter

The Techdirt Greenhouse

Tools & Services

Company

Contact

More