track lost phone | Breaking Cybersecurity News | The Hacker News

In Brief The famous '60 Minutes' television show shocked some viewers Sunday evening when a team of German hackers demonstrated how they spied on an iPhone used by U.S. Congressman, then recorded his phone calls and tracked his movement through Los Angeles. Hackers leverage a security flaw in SS7 (Signalling System Seven) protocol that allows hackers to track phone locations, listen in on calls and text messages. The global telecom network SS7 is still vulnerable to several security flaws that could let hackers and spy agencies listen to personal phone calls and intercept SMSes on a potentially massive scale, despite the most advanced encryption used by cellular networks. All one need is the target's phone number to track him/her anywhere on the planet and even eavesdrop on the conversations. SS7 or Signalling System Number 7 is a telephony signaling protocol used by more than 800 telecommunication operators around the world to exchange information with one

Samsung which is currently believed to the highest Smartphones Seller in the World is now providing a Remote tracking solution in all its smartphones to Track the lost phone with the name " Samsung Dive ". The Service is based on the Architecture which primarily acquires precise location of the smart phone using it GPS and other subsidiary location acquisition techniques. The Service is basically meant to be used by the users to track their phone in case of theft or lost phone. Security Researcher Jiten Jain discovered that this GPS based location tracking service provided by manufacturer (Samsung) is also vulnerable to Theft and Malwares. To use this inbuilt tracking Service, User has to simply create an account with Samsung (www.samsungdive.com). Users than have to enable remote services to track device and wipe data remotely. The permission can be disabled or modified only by the Samsung account holder after logging in and cannot be disabled by anyone else. 

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or