Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


A Flawed Network, By Any Other Name...

November 13, 2019 by Marc Handelman in Information Security, Network Security, Mobile Security, Mobile Networks, Mobile Telephony

via Lily Hay Newman, writing for Wired Magazine, comes this outstanding piece on the extant tally of known flaws within deployments of 5G networking hardware infrastructure. H/T

'"The thing I worry about most is that attackers could know the location of a user," Purdue's Hussain says. "5G tried to solve this, but there are many vulnerabilities that expose location information, so fixing one is not enough."' - via Lily Hay Newman, writing for Wired


Krebs On Security: Brilliant Exposé Of US Wireless Carriers

August 14, 2019 by Marc Handelman in Radio Telephony, Feet of Clay, Security Bloggers Network, Mobile Telephony, Mobile Security, Mobile Networks

Brian Krebs, fellow member of the Security Bloggers Network, and his superlative blog Krebs On Security provide a tour de force exposé of the unfortunate current security posture of the wireless carriers in the United States. Read it, my friends, and weep for your mobile telephony, and the decidedly non-righteous path the Carriers are on.

"If you are somehow under the impression that you — the customer — are in control over the security, privacy and integrity of your mobile phone service, think again. And you’d be forgiven if you assumed the major wireless carriers or federal regulators had their hands firmly on the wheel. No, a series of recent court cases and unfortunate developments highlight the sad reality that the wireless industry today has all but ceded control over this vital national resource to cybercriminals, scammers, corrupt employees and plain old corporate greed." - via the inimitable Brian Krebs at Krebs On Security


Image Credit: Vermont.org

The Story: Vermont State Official Proves Carrier Claims Of Coverage Are Hogwash

January 17, 2019 by Marc Handelman in Mobile Telephony, Mobile Networks, Radio, Radio Telephony

John Dillon, writing at Vermont Public Radio, brings forth the true story of Cory Chase, a State of Vermont Telecommunications Infrastructure Specialist, and his quest to accurately detail mobile telephony signal coverage in his stunningly beautiful State (easily one of the most beautiful States in this Union of ours). This superbly written screed also includes a link to Mr. Chase's interactive ArcGIS map and his excruciatingly detailed Mobile Wireless 2018 Report. Enjoy. H/T

"The state challenged the carriers' maps following a rigorous procedure for data collection outlined by the FCC. That’s what had Chase driving around with the six cell phones, each capable of sophisticated download speed tests every 20 seconds. The result was 187,506 download speed test results at locations about 360 meters apart along all of the major roads in the state." - via John Dillon writing at Vermont Public Radio


The Three

January 10, 2019 by Marc Handelman in Feet of Clay, Information Security, CPNI, Demise of Privacy, Mobile Networks, Mobile Telephony, Mobile Security

Three US Based Mobile Providers Still Selling User Location Data

The bad news was delivered to me on Tuesday afternoon by this outstanding post by Jon Brodkin, reporting for Ars Technica. Read it and weep, my friends, as they will know you by your location... Think it's time to move to a dumb phone from your current leaky smartphone? Think again, Binky, as your location can still be determined and sold (if only from triangulated tower geography when your phone moves from cell to cell and registers with the tower).

"In June 2018, all four major US wireless carriers pledged to stop selling their mobile customers' location information to third-party data brokers. The carriers were pressured into making the change after a security problem leaked the real-time location of US cell phone users. But an investigation by Motherboard found that "T-Mobile, Sprint, and AT&T are [still] selling access to their customers' location data and that data is ending up in the hands of bounty hunters and others not authorized to possess it, letting them track most phones in the country." - via Jon Brodkin, reporting for Ars Technica


A Cornucopia of Flaws, The LTE Debacle →

April 22, 2018 by Marc Handelman in Mobile Networks, Mobile Security, Mobile Telephony, Information Security

via Sean Gallagher, writing at Ars Technica, comes the astounding story of mobile telephony flaws extraordinaire. Also known as the vector of choice for espionage, network intrusion, and data exfiltration. Today's MustRead.


Developer Errors Expose 180 Million Phones to Compromise →

November 14, 2017 by Marc Handelman in Cellular Telephony, Mobile Security, Mobile Telephony, Mobile Networks, Lack of Security Regimen, Or Lack Thereof

Oops, They Did It Again! Coupled with the other well-known security issues (e.g., the recently exposed, but decades-old, SS7 Flaw), this latest display of security-related development governance (or lack thereof) by the MNOs is highly dangerous, and spans borders.


The Banning →

October 12, 2017 by Marc Handelman in Data Leakage, Data Loss Prevention, Information Security, Mobile Security, Mobile Networks, Mobile Telephony

Behold, the top banned (i.e., blacklisted by the Enterprise) iOS and Android mobile applications with data generated by Appthority.

'According to Appthority’s proprietary Mobile Threat Risk Score, Uber, WhatsApp Messenger and Facebook Messenger are the riskiest Android apps commonly found in enterprise environments. The riskiest iOS apps found in enterprises are Facebook, Pandora and Yelp.' - via Helpnet Security


BlackHat, Moritz Lipp & Clémentine Maurice's 'ARMageddon' →

August 20, 2017 by Marc Handelman in Blackhat, Conferences, Education, Communications, Communication Security, Mobile Security, Mobile Networks, Mobile, Hardware Security

Burners, The Tightening

June 02, 2016 by Marc Handelman in All is Information, Communications, Communications Governance, Cryptography, Demise of Privacy, Information Security, Mobile Networks, Mobile Security, Signals

Well-wrought thought piece on the use, and misuse, of prepaid cellular telephony hardware, the so-called Burner, and the effort to enforce regulations thereto. Entitled Burner Phones: Will Tightening Restrictions on Prepaid Cell Phones Solve Anything? Certainly today's Must Read post...


Open Internet and Mobility...

April 02, 2015 by Marc Handelman in All is Information, ISOC, Internet Governance, Mobile Networks, OpenSource

Behold, Mobile Monday DC. Today's Must See TV...

The panel represented a stakeholder cross-section - small carriers, lobbyists, and content/application providers. Speakers: Dan Johnson, VP, Policy, Computer & Communications Industry Association (CCIA); Jon Potter, President, Application Developers Alliance; Aaron Saunders, CEO, Clearly Innovative; Eric Wolf, VP Technology Strategy & Management, PBS. Moderator: Stephanie Joyce, Arent Fox. - via Joly MacFie


FCC Issues Net Neutrality Order Document →

March 16, 2015 by Marc Handelman in All is Information, Commerce, Communications, Compute Infrastructure, Electrical Engineering, Governance, Government, Information Security, Infrastructure, Internet, Internet Governance, Legal, Mobile Networks, Networks, TCP/IP Internetworking, United States of America

The Federal Communications Commission has issued the codified order targeting Net Neutrality, entitled FCC 15-24, for GN Docket Number 14-28, In the Matter of Protecting and Promoting the Open Internet, Report and Order on Remand, Declaratory Ruling, and Order. At over four hundred pages long, this document will (likely) become one of the most highly contentious Orders emerging this year (or the weapon of choice for conspiracy theorists due to its weight) from the Commission.


Redefining 'Unlimited' Suddenly Becomes Quite Expensive →

February 15, 2015 by Marc Handelman in All is Information, Communications, Mobile Networks, MVNOs, Deceptive Business Claims

Good news, via the United States Federal Trade Commission. TracFone, noted as the largest prepaid mobile provider in the United States, has agreed to refund $40,000,000 to its customers due to misleading statements regarding so-called 'unlimited' data. TracFone customers who had Straight Talk, Net10, Simple Mobile, or Telcel America unlimited plans prior to January 2015 are encouraged to file a refund claim at the FTC's refund page. Absolutely Outstanding.
