TechCrunch: New flaws in 4G, 5G allow attackers to intercept calls and track phone locations

TechCrunch: New flaws in 4G, 5G allow attackers to intercept calls and track phone locations. “A group of academics have found three new security flaws in 4G and 5G, which they say can be used to intercept phone calls and track the locations of cell phone users. The findings are said to be the first time vulnerabilities have affected both 4G and the incoming 5G standard, which promises faster speeds and better security, particularly against law enforcement use of cell site simulators, known as ‘stingrays.’ But the researchers say that their new attacks can defeat newer protections that were believed to make it more difficult to snoop on phone users.”

Motherboard: Hundreds of Bounty Hunters Had Access to AT&T, T-Mobile, and Sprint Customer Location Data for Years

Motherboard: Hundreds of Bounty Hunters Had Access to AT&T, T-Mobile, and Sprint Customer Location Data for Years. “Around 250 bounty hunters and related businesses had access to AT&T, T-Mobile, and Sprint customer location data, with one bail bond firm using the phone location service more than 18,000 times, and others using it thousands or tens of thousands of times, according to internal documents obtained by Motherboard from a company called CerCareOne, a now-defunct location data seller that operated until 2017. The documents list not only the companies that had access to the data, but specific phone numbers that were pinged by those companies.”

The Register: Man drives 6,000 miles to prove Uncle Sam’s cellphone coverage maps are wrong – and, boy, did he manage it

The Register: Man drives 6,000 miles to prove Uncle Sam’s cellphone coverage maps are wrong – and, boy, did he manage it . “A Vermont state employee drove 6,000 miles in six weeks to prove that the cellular coverage maps from the US government suck – and was wildly successful. In fact not only did he prove conclusively that reports delivered to the Federal Communications Commission (FCC) by mobile operators aren’t worth the paper they’re printed on but also swung a spotlight on just how bad bureaucracy can get when it comes to Washington DC.”

ZDNet: T-Mobile bug let anyone see any customer’s account details

ZDNet: T-Mobile bug let anyone see any customer’s account details. “A bug in T-Mobile’s website let anyone access the personal account details of any customer with just their cell phone number. The flaw, since fixed, could have been exploited by anyone who knew where to look — a little-known T-Mobile subdomain that staff use as a customer care portal to access the company’s internal tools. The subdomain — promotool.t-mobile.com, which can be easily found on search engines — contained a hidden API that would return T-Mobile customer data simply by adding the customer’s cell phone number to the end of the web address.”

ZDNet: Cell phone tracking firm exposed millions of Americans’ real-time locations

ZDNet: Cell phone tracking firm exposed millions of Americans’ real-time locations. “A company that collects the real-time location data on millions of cell phone customers across North America had a bug in its website that allowed anyone to see where a person is located — without obtaining their consent.”

New York Times: Service Meant to Monitor Inmates’ Calls Could Track You, Too

New York Times: Service Meant to Monitor Inmates’ Calls Could Track You, Too. “The service provided by Securus reveals a potential weakness in a system that is supposed to protect the private information of millions of cellphone users. With customers’ consent, carriers sell the ability to acquire location data for marketing purposes like providing coupons when someone is near a business, or services like roadside assistance or bank fraud protection. Companies that use the data generally sign contracts pledging to get people’s approval — through a response to a text message, for example, or the push of a button on a menu — or to otherwise use the data legally. But the contracts between the companies, including Securus, are ‘the legal equivalent of a pinky promise,’ [Senator Ron] Wyden wrote.”

Smithsonian: How the Cell Phone Is Forever Changing Human Communication

A little far afield, but I find it fascinating so there. From Smithsonian Magazine: How the Cell Phone Is Forever Changing Human Communication. “Sure — it may sound ridiculous that Snapchat, an application through which friends send pictures that can only be viewed for a few seconds before deletion, has the ability to destroy relationships, but cell phones have started a new type of conversation, one that has catalyzed the restructuring of our social environment. Every picture, every snapchat, every punctuation mark is part of a new form of language brought about by a new tool of communication.”

WSJ: Cellphone Smudges Yield a Trove of Forensic Data

Mine is the one with the tea and the cat hair. From the Wall Street Journal: Cellphone Smudges Yield a Trove of Forensic Data. “Traces of molecules and microbes left when you handle your phone can add up to a composite portrait, including gender, diet, medications, clothing, beauty products, and places visited, researchers at the University of California in San Diego said Monday.”