stories filed under: "mobile networks"

Hackers Have Been Stealing User Data From Global Cell Networks Since 2012

from the whoops-a-daisy dept

Thu, Jun 27th 2019 6:26am — Karl Bode

We've noted for a long time that the wireless industry is prone to being fairly lax on security and consumer privacy. One example is the recent rabbit hole of a scandal related to the industry's treatment of user location data, which carriers have long sold to a wide array of middlemen without much thought as to how this data could be (and routinely is) abused. Another example is the industry's refusal to address the longstanding flaws in Signaling System 7 (SS7, or Common Channel Signalling System 7 in the US), a series of protocols hackers can exploit to track user location, dodge encryption, and even record private conversations.

This week, carriers were once again exposed for not being the shining beacons of security they tend to advertise themselves as. A new report emerged this week showcasing how, for years, hackers have been exploiting substandard security at more than 10 global wireless carriers to obtain massive troves of data on specific targets of interest. Researchers at Boston-based Cybereason, who first discovered the operation, say the hackers exploited a vulnerability on an internet-connected web server to gain a foothold into each cell providers internal network. Once inside, they exploited numerous machines to gain a deeper and deeper access to the cell network:

"You could see straight away that they know what they’re after,” said Amit Serper, head of security research at Cybereason. “They would exploit one machine that was publicly accessible through the internet, dump the credentials from that machine, use the credentials stolen from the first machine and repeat the whole process several times.”

Once the hackers gained access to the domain controller, the hackers had control of the entire network. “Everything is completely owned,” said Serper.

Comforting! Hackers, presumed to likely be state actors pilfering user data invisibly, then extracted gigabytes of data on targets without having to install malware on the target's local phone. It's not clear which state actors were involved; researchers suggest it was either China, or somebody eager to make it appear it was China:

"Cybereason did say it was with “very high probability” that the hackers were backed by a nation state but the researchers were reluctant to definitively pin the blame.

The tools and the techniques — such as the malware used by the hackers — appeared to be “textbook APT 10,” referring to a hacker group believed to be backed by China, but Div said it was either APT 10, “or someone that wants us to go public and say it’s [APT 10]."

So far the researchers say no North American cell providers have been confirmed as targets, but given the stealth nature of the intrusions and how long they were being conducted without detection, that's likely no guarantee intrusions didn't happen all the same. The full report indicates this effort has been underway since at least 2012, again highlighting how global cellular networks may not quite be the bastions of security wireless carriers often profess them to be.

Filed Under: data, hackers, mobile networks, ss7

9 Comments

AT&T Continues To Mock The Concept Of Net Neutrality; This Time With Google Hangouts Block

Wireless

from the you-need-permission-to-innovate-on-our-network dept

Thu, May 16th 2013 12:52pm — Mike Masnick

The big telcos (AT&T and Verizon) have been trying to move more and more to wireless networks over wired networks, in large part because they've realized that, for whatever reason, the FCC more or less gave them pretty free rein to completely ignore net neutrality concepts on their wireless networks. So it really shouldn't come as much of a surprise to see that AT&T has responded to the latest Google Hangouts app, which replaces the standard Google Talk app, by blocking video while on a cellular connection on Android phones (oddly, it works on iPhones). As you may recall, AT&T actually got into trouble for doing the same thing with FaceTime on the iPhone. AT&T's statement about this, as given to The Verge, parses its words very carefully, as if they think everyone is a complete moron:

All AT&T Mobility customers can use any video chat app over cellular that is not pre-loaded on their device, but which they download from the Internet. For video chat apps that come pre-loaded on devices, we offer all OS and device makers the ability for those apps to work over cellular for our customers who are on Mobile Share, Tiered and soon Unlimited plan customers who have LTE devices. It's up to each OS and device makers to enable their systems to allow pre-loaded video chat apps to work over cellular for our customers on those plans.

The whole focus on "pre-loaded" apps was how AT&T tried to tap dance around net neutrality questions last year with FaceTime. And it's completely made up and bogus.

Basically, they're saying if you want to do video, you have to ask permission. That's a broken system. It goes against what makes the internet good and useful: the fact that you can innovate without permission. A mobile carrier -- one who may see video chat apps as competition, for example -- being able to act as a gatekeeper to block the usefulness of such apps is a dangerous situation for those who believe in promoting innovation. We shouldn't stand for an internet where one company gets to pick what you're allowed to do.

And, just to cut this off before anyone brings up a really silly argument to defend AT&T: yes, bandwidth on mobile broadband networks is somewhat more limited (though not as limited as they would have you believe). But, these networks, for the most part, have all done away with unlimited accounts anyway. So if people use up all their broadband quota on video calls, that should be their own decision. AT&T has already made pricing decisions that limit bandwidth to consumers, so further limiting their choice in apps makes no sense on top of that.

Filed Under: blocks, google hangouts, mobile networks, net neutrality, permission, pre-installed apps
Companies: at&t, google

31 Comments

So Many Reasons Why Deutsche Telekom Won't Buy Sprint

Predictions

from the pin-drop dept

Mon, May 5th 2008 4:10pm — Mike Masnick

There's a rumor going around that Deutsche Telekom is thinking about buying Sprint. This is a bad idea for any number of reasons. Deutsche Telekom owns T-Mobile, which competes with Sprint, and which has certainly fallen way behind AT&T, Verizon Wireless and Sprint in terms of coverage and next generation network deployments. At the same time Sprint has definitely faced some tough times recently that have weighed heavily on the stock. So, you could see why Deutsche might initially think about it. T-Mobile is behind in the game, and merging with Sprint could (emphasis on could) jumpstart the business a bit. Plus, it's reasonable to think that Sprint may be undervalued these days. But... it's still a bad idea. T-Mobile and Sprint use totally different network technologies. Sprint is still dealing with the mess of trying to integrate Nextel's iDen system into its own CDMA-based system (which is part of the reason the company has been in trouble lately), and dumping a third totally incompatible technology into the mix doesn't seem wise. You could (again, emphasis on could) argue that Sprint now has some experience merging totally incompatible networks, but so far it's not exactly good experience. All in all, this seems like someone tossing out a suggestion. It's hard to see this as a legitimate possibility.

Filed Under: integration, mergers, mobile networks
Companies: deutsche telekom, sprint, t-mobile

14 Comments

Follow Techdirt

Essential Reading

The Techdirt Greenhouse

Read the latest posts:

read all »

Techdirt Deals

Report this ad | Hide Techdirt ads

Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Older Stuff

Thursday
13:33	Former Employees Say Mossad Members Dropped By NSO Officers To Run Off-The-Books Phone Hacks (2)
12:01	No, Creating An NFT Of The Video Of A Horrific Shooting Will Not Get It Removed From The Internet (18)
10:49	San Francisco Cops Are Running Rape Victims' DNA Through Criminal Databases Because What Even The Fuck (18)
10:44	Daily Deal: The Complete 2022 Java Coder Bundle (0)
09:31	As Expected, Trump's Social Network Is Rapidly Banning Users It Doesn't Like, Without Telling Them Why (44)
06:30	Comcast Continues To Bleed Olympics Viewers After Years Of Bumbling (19)
Wednesday
20:42	Apple Finally Defeats Dumb Diverse Emoji Lawsuit One Year Later (6)
15:39	Clearview Pitch Deck Says It's Aiming For A 100 Billion Image Database, Restarting Sales To The Private Sector (10)
13:41	Peloton Outage Prevents Customers From Using $2,500 Exercise Bikes (16)
12:09	The GOP Knows That The Dem's Antitrust Efforts Have A Content Moderation Trojan Horse; Why Don't The Dems? (16)
10:51	Hertz Ordered To Tell Court How Many Thousands Of Renters It Falsely Accuses Of Theft Every Year (24)
09:21	Even As Trump Relies On Section 230 For Truth Social, He's Claiming In Lawsuits That It's Unconstitutional (34)
06:16	Medical, Home Alarm Industries Warn Of Major Outages As AT&T Shuts Down 3G Network (25)
Tuesday
20:37	Video Game History Foundation: Nintendo Actions 'Actively Destructive To Video Game History' (29)
15:35	Massachusetts Court Says No Expectation Of Privacy In Social Media Posts Unwittingly Shared With An Undercover Cop (17)
13:30	Techdirt Podcast Episode 312: Regulating The Internet (2)
12:03	US Copyright Office Gets It Right (Again): AI-Generated Works Do Not Get A Copyright Monopoly (60)
10:42	LA Sheriff Threatens To 'Subject' City Council To 'Defamation Law' If They Won't Stop Calling His Deputies 'Gang Members' (20)
10:37	Daily Deal: codeSpark Academy Sibling Bundle (0)
09:25	Trump's Truth Social Bakes Section 230 Directly Into Its Terms, So Apparently Trump Now Likes Section 230 (128)
06:22	15 Years Late, The FCC Cracks Down On Broadband Apartment Monopolies (31)
Sunday
12:05	Funniest/Most Insightful Comments Of The Week At Techdirt (11)
Saturday
12:00	This Week In Techdirt History: February 13th - 19th (1)
Friday
19:39	Letter From High-Ranking FBI Lawyer Tells Prosecutors How To Avoid Court Scrutiny Of Firearms Analysis Junk Science (25)
15:52	Nintendo Is Beginning To Look Like The Disney Of The Video Game Industry (44)
13:49	Seattle Public Radio Station Manages To Partially Brick Area Mazdas Using Nothing More Than Some Image Files (44)
12:13	Thankfully, Jay Inslee's Unconstitutional Bill To Criminalize Political Speech Dies In The Washington Senate (8)
10:52	How Our Convoluted Copyright Regime Explains Why Spotify Chose Joe Rogan Over Neil Young (136)
10:47	Daily Deal: The Complete Blocs Website Builder Bundle (0)
09:33	Arizona Prosecutor Who Brought Bogus Gang Charges Against Protesters Files Ridiculous Defamation Suit Against Her Boss (12)

Hackers Have Been Stealing User Data From Global Cell Networks Since 2012

from the whoops-a-daisy dept

AT&T Continues To Mock The Concept Of Net Neutrality; This Time With Google Hangouts Block

from the you-need-permission-to-innovate-on-our-network dept

So Many Reasons Why Deutsche Telekom Won't Buy Sprint

from the pin-drop dept

The Techdirt Greenhouse

Thursday

Wednesday

Tuesday

Sunday

Saturday

Friday

More

Tools & Services

Company

Contact

More

from the whoops-a-daisy dept

from the you-need-permission-to-innovate-on-our-network dept

from the pin-drop dept

Techdirt Daily Newsletter

The Techdirt Greenhouse

Tools & Services

Company

Contact

More