The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Cellphone hacking

Hackers Can Use Ultrasonic Waves to Secretly Control Voice Assistant Devices

Hackers Can Use Ultrasonic Waves to Secretly Control Voice Assistant Devices
March 02, 2020Ravie Lakshmanan
Researchers have discovered a new means to target voice-controlled devices by propagating ultrasonic waves through solid materials in order to interact with and compromise them using inaudible voice commands without the victims' knowledge. Called " SurfingAttack ," the attack leverages the unique properties of acoustic transmission in solid materials — such as tables — to "enable multiple rounds of interactions between the voice-controlled device and the attacker over a longer distance and without the need to be in line-of-sight." In doing so, it's possible for an attacker to interact with the devices using the voice assistants, hijack SMS two-factor authentication codes, and even place fraudulent calls, the researchers outlined in the paper, thus controlling the victim device inconspicuously. The research was published by a group of academics from Michigan State University, Washington University in St. Louis, Chinese Academy of Sciences, and the Un

New Attacks Against 4G, 5G Mobile Networks Re-Enable IMSI Catchers

New Attacks Against 4G, 5G Mobile Networks Re-Enable IMSI Catchers
February 25, 2019Mohit Kumar
At NDSS Symposium 2019, a group of university researchers yesterday revealed newly discovered cellular network vulnerabilities that impact both 4G and 5G LTE protocols. According to a paper published by the researchers, " Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information, " the new attacks could allow remote attackers to bypass security protections implemented in 4G and 5G, re-enabling IMSI catching devices like " Stingrays " to intercept users' phone calls and track their location. Here below, we have described all the three attacks, how they work, what are their impacts, and why you should be concerned about these attacks. ToRPEDO Attack — Location Verification, DoS, Inject Fake Alerts Short for "TRacking via Paging mEssage DistributiOn," TorPEDO is the most concerning attack that leverages paging protocol, allowing remote attackers to verify a victim device's location, inject fabricated paging mess

Researchers Uncover New Attacks Against LTE Network Protocol

Researchers Uncover New Attacks Against LTE Network Protocol
June 30, 2018Swati Khandelwal
If your mobile carrier offers LTE, also known as the 4G network, you need to beware as your network communication can be hijacked remotely. A team of researchers has discovered some critical weaknesses in the ubiquitous LTE mobile device standard that could allow sophisticated hackers to spy on users' cellular networks, modify the contents of their communications, and even can re-route them to malicious or phishing websites. LTE, or Long Term Evolution, is the latest mobile telephony standard used by billions of people designed to bring many security improvements over the predecessor standard known as Global System for Mobile (GSM) communications. However, multiple security flaws have been discovered over the past few years, allowing attackers to intercept user's communications, spy on user phone calls and text messages, send fake emergency alerts, spoof location of the device and knock devices entirely offline. 4G LTE Network Vulnerabilities Now, security researchers

Wi-Fi can be turned into IMSI Catcher to Track Cell Phone Users Everywhere

Wi-Fi can be turned into IMSI Catcher to Track Cell Phone Users Everywhere
November 04, 2016Swati Khandelwal
Image Source: Libelium Here's a new danger to your smartphone security: Your mobile device can be hijacked and tracked without your knowledge. Remember Stingrays ? The controversial cell phone spying tool, also known as " IMSI catchers ," has long been used by law enforcement to track and monitor mobile users by mimicking a cellphone tower and tricking their devices to connect to them. Sometimes it even intercepts calls and Internet traffic, sends fake texts, and installs spyware on a victim's phone. Setting up such Stingrays-type surveillance devices , of course, is expensive and needs a lot of efforts, but researchers have now found a new, cheapest way to do the same thing with a simple Wi-Fi hotspot. Yes, Wi-Fi network can capture IMSI numbers from nearby smartphones, allowing almost anyone to track and monitor people wirelessly. IMSI or international mobile subscriber identity is a unique 15-digit number used for authentication of a person when movi

Hacking Firmware from Mobile Phone Hacking Company Leaked Online

Hacking Firmware from Mobile Phone Hacking Company Leaked Online
October 26, 2016Swati Khandelwal
The Israeli firm Cellebrite , which provides digital forensics tools and software to help law enforcement access mobile phones in investigations, has had its firmware and software leaked online. Yes, you heard that right. Cellebrite's most sensitive in-house capabilities have been made public by one of its products' resellers, who is now distributing copies of Cellebrite's firmware and software for anyone to download. The apparent reseller is McSira Professional Solutions , which hosts software for various versions of Cellebrite's Universal Forensic Extraction Device (UFED). UFED is one of the company's key products that help investigators bypass the security mechanisms of mobile phones, especially iPhones, and extract all data and passwords from them. For the Cellebrite's hand on iOS devices, you can watch the 2015 YouTube video (below), which demonstrates one of the company's products that unlocked the iPhone device in few hours. Download  L

Telegram Hacked? Turn ON Important Security Settings to Secure your Private Chats

Telegram Hacked? Turn ON Important Security Settings to Secure your Private Chats
August 03, 2016Swati Khandelwal
We have heard a lot about data breaches nowadays. And if you think that switching to an encrypted messaging service may secure you and your data, then you may be wrong. No good deed today can help you protect yourself completely. Reuters and several media outlets are reporting that the phone numbers of 15 Million users in Iran and more than a dozen accounts on the Telegram instant messaging service have been compromised by Iranian hackers exploiting an SMS text message flaw. Telegram is a messaging app " with a focus on security " that promotes itself as an ultra secure instant messaging system as all data is end-to-end encrypted. The service claims to have 100 Million active subscribers. According to research conducted by two security researchers, Collin Anderson and Claudio Guarnieri, this attack has threatened the communications of activists, journalists and other people in Iran, where around 20 Million people use Telegram. The incident is even said to be the

Have you ever suspected that Facebook is listening to your conversations through Microphone?

Have you ever suspected that Facebook is listening to your conversations through Microphone?
June 03, 2016Mohit Kumar
Have you ever felt Facebook is showing you very relevant ads about topics you're only discussing around your phone? If yes, then you may find this news worth reading. Communications Professor Kelli Burns from the University of South Florida claims that Facebook is listening to all conversations people have while its app is open to serve more relevant ads for products related to what they are talking about. However, the social networking giant responds  it does listen to audio and collect information from users, but does not record or use sounds heard around people for targeted ads. " Facebook does not use microphone audio to inform advertising or News Feed stories in any way ," a Facebook spokesperson said. " Businesses are able to serve relevant ads based on people's interests and other demographic information, but not through audio collection. " Facebook rolled out a feature in May of 2014 when the company said that it might target ads " in t

Police Using Planes Equipped with Dirtbox to Spy on your Cell Phones

Police Using Planes Equipped with Dirtbox to Spy on your Cell Phones
January 29, 2016Swati Khandelwal
The Anaheim Police Department of California — Home of Disneyland — admitted that they used special Cell Phone surveillance technology, known as DirtBox , mounted on aircraft to track millions of mobile users activities. More than 400 pages of new documents [ PDF ] published Wednesday revealed that Local Police and federal authorities are using, DRTBox , an advanced version of Dirtbox developed by Digital Receiver Technology ( Boeing's  Maryland-based  subsidiary ). DRTBox — Spies in the Sky DRTBox is a military surveillance technology that has capabilities of both Stingray as well as Dirtbox, allowing the police to track, intercept thousands of cellphone calls and quietly eavesdrop on conversations, emails, and text messages. According to the report, DRTBox model is also capable of simultaneously breaking the encryption hundreds of cellphone communications at once, helping Anaheim Police Department track criminals while recording innocent citizens' inform

THN Weekly Roundup — 15 Most Popular Cyber Security and Hacking News Stories

THN Weekly Roundup — 15 Most Popular Cyber Security and Hacking News Stories
September 14, 2015Mohit Kumar
We are once again here with our weekly round up based on last week's top cyber security threats and challenges. I recommend you to read the entire thing ( just click ' Read More ' because there's some valuable advice in there as well ). Here's the list: 1. Reminder! If You have not yet, Turn Off Windows 10 Keylogger Now Microsoft is very powerful in tracking every single word you type or say to its digital assistant Cortana using its newest Windows 10 operating system. The keylogger that Microsoft put in the  Technical Preview of Windows 10  last fall made its way to  Windows 10 Free  public release first rolled out back in July. Besides various  Windows 10 privacy issues , there is a software component that is a bit more complicated than you thought. It tracks your inputs using: Keyboard Voice Screen Mouse Stylus Information about your Calendar and Contacts If this keylogger, which is more than just a keylogger, makes you feel creepy then need

Techie Police Officer Builds a Sniffing Tool to Track Stolen Devices (based on War-Driving)

Techie Police Officer Builds a Sniffing Tool to Track Stolen Devices (based on War-Driving)
September 09, 2015Swati Khandelwal
Ever wonder, How can you Track your Stolen Smartphone , Laptop or any Smart Device? ...With IMEI Number? ...Or IP address? ...Or may be some special types of equipment? Well, Not required, because now it is possible to track stolen devices just by scanning their MAC addresses. Yes, Just MAC addresses, which is assigned to each device on a unique basis by the IEEE, but crooks can modify it in an attempt to hide the origin of the stolen device. But given the people's practice to never notice the MAC address of their mobile phone, tablet, laptop, desktop, smart TV, smart refrigerator, or broadband router, MAC addresses can be used to track stolen electronics. This exactly is what an Iowa City cop wants to do.  How Police Can Track Stolen Devices? According to Gazette, an Iowa police officer David Schwindt has developed a sniffing software that helps police find more stolen properties. The software, Schwindt dubbed L8NT (short for Latent analysi

New Rules Require FBI to Get Warrant for Spying With 'Stingrays' Cell Phone Trackers

New Rules Require FBI to Get Warrant for Spying With ‘Stingrays’ Cell Phone Trackers
September 04, 2015Mohit Kumar
Remember StingRays ? The controversial cell phone spying tool , known as " Stingrays " or " IMSI catchers ," has been used by authorities to track criminal suspects most of the times without obtaining court orders. But now, the Federal law agencies will have to be more transparent about their use of Stingrays to spy on cell phones. Thanks to the new policy announced Thursday by the US Department of Justice. For years, local police and federal authorities have used and spent over $350,000 on Stingrays , which essentially mimic mobile phone tower, to track cell phones in countless investigations. What is Stingray? Stingrays , made by the Harris Corporation, has capabilities to access user's unique IDs and phone numbers, track and record locations, and sometimes even intercept Internet traffic and phone calls, send fake texts and install spyware on phones. The authorities used these tracking tools for years to breach people's privacy

Your GPS Location and Calls Can be Spied Using Network Vulnerability

Your GPS Location and Calls Can be Spied Using Network Vulnerability
August 20, 2015Swati Khandelwal
Yes, you heard it right. It's the dirty truth that's featuring what is being called the largest privacy breach ever. Billions of cell phone users are at risk of a vulnerability in the SS7 inter-carrier network that allows hackers and spies agencies to track locations and intercept all voice calls from anywhere in the world. This is something we already know from the last year's Snowden leaks that explained the National Security Agency (NSA) capabilities to gather nearly 5 Billion records a day on mobile phone locations around the world. But, it's worse than we have thought. The famous Australian TV programme " 60 Minutes " demonstrated that it is possible for anyone to track cell phone location and intercept calls and text messages. This time, not due to a security vulnerability in the phone's operating system, but due to a serious flaw in the very system our cell phones use to communicate with each other around the world – The globa

Is It Possible to Track Smartphone Location By Monitoring Battery Usage?

Is It Possible to Track Smartphone Location By Monitoring Battery Usage?
February 22, 2015Wang Wei
Data leaks through power consumption? Don't be surprised because security researchers have discovered a way to track your every move by looking at your Android smartphone's consumption of the battery power,even if you have GPS access unable. Researchers at Stanford University and Israeli Defense Research Group, Rafael, have developed a new technology, which they have dubbed " PowerSpy ", that have capability to gather the geolocation of Android phones by simply by measuring the battery usage of the phone over a certain time. TRACKING PERMISSION GRANTED BY-DEFAULT Unlike Wi-Fi and GPS access, the battery consumption data does not need the users' permission to be shared and is freely available to any downloaded and installed application. Therefore, this data can be used to track a phone with up to 90 percent accuracy. All an attacker would need to do is use an application — any application you download and installed onto your Android smartphone — to measu

NSA Stole Millions Of SIM Card Encryption Keys To Gather Private Data

NSA Stole Millions Of SIM Card Encryption Keys To Gather Private Data
February 20, 2015Mohit Kumar
Edward Snowden is back with one of the biggest revelations about the government's widespread surveillance program. The US National Security Agency ( NSA ) and British counterpart Government Communications Headquarters ( GCHQ ) hacked into the networks of the world's biggest SIM card manufacturer, according to top-secret documents given to The Intercept by former NSA-contractor-turned-whistle blower, Edward Snowden . OPERATION DAPINO GAMMA The leaked documents suggests that in a joint operation, the NSA and the GCHQ formed the Mobile Handset Exploitation Team (MHET) in April 2010, and as the name suggests, the unit was built to target vulnerabilities in cellphone. Under an operation dubbed DAPINO GAMMA, the unit hacked into a Digital security company Gemalto , the largest SIM card manufacturer in the world, and stole SIM Card Encryption Keys that are used to protect the privacy of cellphone communications. Gemalto, a huge company that operates in 85 countr
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.