phone hacking
Latest
Europol takes down hackers who allegedly stole over $100 million in crypto from celebs
Eight men have been arrested in the UK for their role in a spate of hacks on US celebs, per Europol, after the criminals broke into the victims’ phones to steal over $100 million in cryptocurrencies. SIM-swapping involves hackers taking control of a person’s phone number by deactivating their SIM and porting the number over to their own SIM card. This is typically done with the help of an insider at the targeted phone service or through social engineering ploys, such as phishing, according to law enforcement.
Phone-hacking device used by police sells on eBay for $100
A phone-hacking device that law enforcement officials use to extract data from phones is popping up on eBay for as little as $100. Federal agencies in the US and elsewhere, including the FBI and Department of Homeland Security, typically spend up to $15,000 on current models of Cellebrite's Universal Forensic Extraction Device, though older versions are available on the secondary market.
EE and Three's voicemail systems hacked using number-cloning trick
With the phone hacking scandal still playing out in the courts, it should be safe to assume that UK mobile operators have put measures in place protect customers' own voicemail inboxes. Unfortunately, that's only half true. We know thanks to an investigation by The Register, which showed that two of the big four carriers had neglected to close a loophole that allows nefarious third-parties to spoof a customer's phone number and immediately gain access to their voicemails. Those two companies? EE and Three. Armed with a target's phone number and VoIP calling system, researchers were able to trick both carriers' voicemail systems into believing a call originated from one of their SIMs. Attempts to hack into Vodafone and O2, however, were unsuccessful. Vodafone blocked attempts with PIN requests, while O2's systems always timed out. When pressed about the issue, Three simply pointed to the voicemail security pages on its website and warned users to set a PIN (which isn't enforced by default). EE immediately set about fixing the flaw and sent out an announcement just a few hours later telling customers it had "patched the issues raised in the article." The company said it also plans to run "a full review of all [its] voicemail platforms," to head off any future issues.
Wireless snooping WASP drone knows you want extra jalapeños, no sliced tomato
This fearsome contraption is the handiwork of a couple of amateur DEFCON-types who reckoned that any self-respecting spy plane ought to be able to impersonate cellphone towers. And that's exactly what the Wireless Aerial Surveillance Platform does -- it tricks AT&T and T-Mobile handsets into connecting to it, then re-routes the incoming calls via VOIP so they don't drop, while simultaneously recording all conversations to 32GB of onboard storage. It can also handle a bit of WiFi snooping on the side, thanks to a Linux-based hacking toolkit and a 340 million word dictionary for guessing passwords. What's more, the WASP apparently achieves all of this without breaking a single FCC regulation. So, er, that's fine then. Oh yeah, and we don't want any of that stuffed crust nonsense, you hear?
