Flutterby™! : Telephone exploits OTD

Next unread comment / Catchup all unread comments User Account Info | Logout | XML/Pilot/etc versions | Long version (with comments) | Weblog archives | Site Map | | Browse Topics

Telephone exploits OTD

2025-10-15 01:05:51.536967+02 by Dan Lyke 0 comments

Whee!

The Surveillance Empire That Tracked World Leaders, a Vatican Enemy, and Maybe You. A company called "First Wap" used phone system network signaling to track individuals with nothing installed on their phones, and, yeah, sold that data to the bad guys. Via

Don’t Look Up: There Are Sensitive Internal Links in the Clear on GEO Satellites.

That latter link is summarized by Vinoth (Mobile security) @vinoth@infosec.exchange

This is insane! A few researchers from UCSD and UMCP scanned bunch of satellite links, found much of the traffic is not encrypted, and went on to decode them. It's amazing what came out.

- T-Mobile backhaul: Users' SMS, voice call contents and internet traffic content in plain text.

- AT&T Mexico cellular backhaul: Raw user internet traffic

- TelMex VOIP on satellite backhaul: Plaintext voice calls

- U.S. military: SIP traffic exposing ship names

- Mexico government and military: Unencrypted intra-government traffic

- Walmart Mexico: Unencrypted corporate emails, plaintext credentials to inventory management systems, inventory records transferred and updated using FTP

While it is important to work on futuristic threats such as Quantum cryptanalysis, backdoors in standardized cryptographic protocols, etc. - the unfortunate reality is that the vast majority of real-world attacks happen because basic protection is not enabled. Lets not take our eyes off the basics.

Great work, Wenyi Zhang, Annie Dai, Keegan Ryan, Dave Levin, Nadia Heninger and Aaron Schulman!

https://

[ related topics: Religion Politics broadband History moron Work, productivity and environment Net Culture Machinery Cryptography ]

comments in descending chronological order (reverse):

Add your own comment:




Format with:

(You should probably use "Text" mode: URLs will be mostly recognized and linked, _underscore quoted_ text is looked up in a glossary, _underscore quoted_ (http://xyz.pdq) becomes a link, without the link in the parenthesis it becomes a <cite> tag. All <cite>ed text will point to the Flutterby knowledge base. Two enters (ie: a blank line) gets you a new paragraph, special treatment for paragraphs that are manually indented or start with "#" (as in "#include" or "#!/usr/bin/perl"), "/* " or ">" (as in a quoted message) or look like lists, or within a paragraph you can use a number of HTML tags:

p, img, br, hr, a, sub, sup, tt, i, b, h1, h2, h3, h4, h5, h6, cite, em, strong, code, samp, kbd, pre, blockquote, address, ol, dl, ul, dt, dd, li, dir, menu, table, tr, td, th

Comment policy

We will not edit your comments. However, we may delete your comments, or cause them to be hidden behind another link, if we feel they detract from the conversation. Commercial plugs are fine, if they are relevant to the conversation, and if you don't try to pretend to be a consumer. Annoying endorsements will be deleted if you're lucky, if you're not a whole bunch of people smarter and more articulate than you will ridicule you, and we will leave such ridicule in place.

Flutterby™ is a trademark claimed by

Dan Lyke
for the web publications at www.flutterby.com and www.flutterby.net.