Building a VPN for Mobile Devices at the Network Level

By David Balaban In 2019, there is still surprisingly little information about such an old, simple, convenient, and secure technology, as mobile VPN - Virtual Private Network. In this article, I will describe how you can provide access to your virtual private network to any device with a SIM card...

Large-scale SIM swap fraud

Introduction SIM swap fraud is a type of account takeover fraud that generally targets a weakness in two-factor authentication and two-step verification, where the second factor or step is an SMS or a call placed to a mobile telephone. The fraud centers around exploiting a mobile phone operator's...

Is Flawless Anonymity Possible?

By David Balaban The condition of being anonymous is called anonymity - Let’s suppose you want to post the most anonymous comment on a social network imaginable. What kind of tools do you need for that? VPN? Tor? SSH tunnel? In fact, none of the above. It suffices to purchase a burner SIM card an...

Why Phone Numbers Stink As Identity Proof

Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they've become de facto identities. At the same time, when you lose control over a phone number -- maybe it's hijacked by fraudsters, you got separated or divorced, or you...

An Apple-Hacking Teen, SIM-Swap Indictments, and More Security News This Week

Location data scandals, a Zcash bug, and more of the week's top security news...

More Alleged SIM Swappers Face Justice

Prosecutors in Northern California have charged two men with using unauthorized SIM swaps to steal and extort money from victims. One of the individuals charged allegedly used a hacker nickname belonging to a key figure in the underground who's built a solid reputation hijacking mobile phone...

First Hacker Convicted of 'SIM Swapping' Attack Gets 10 Years in Prison

A 20-year-old college student who stole cryptocurrency worth more than $5 million by hijacking victims' phone numbers has pleaded guilty and accepted a sentence of 10 years in prison. Ortiz was arrested last year on charges of siphoning millions of dollars in cryptocurrency from around 40 victims...

First Hacker Convicted of 'SIM Swapping' Attack Gets 10 Years in Prison

A 20-year-old college student who stole cryptocurrency worth more than $5 million by hijacking victims' phone numbers has pleaded guilty and accepted a sentence of 10 years in prison. Ortiz was arrested last year on charges of siphoning millions of dollars in cryptocurrency from around 40 victims...

“Stole $24 Million But Still Can’t Keep a Friend”

Unsettling new claims have emerged about Nicholas Truglia, a 21-year-old Manhattan resident accused of hijacking cell phone accounts to steal tens of millions of dollars in cryptocurrencies from victims. The lurid details, made public in a civil lawsuit filed this week by one of his alleged...

Across DR-810 ROM-0 - Backup File Disclosure Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Across DR-810 ROM-0 Backup - File DisclosureSensitive Information Exploit Author: SajjadBnd My Email: email protected Vendor Homepage: http://www.ac.i8i.ir/ Version: DR-810 Tested on: DR-810 RomPager/4.07 UPnP/1.0 + About...

Does WhatsApp Have A Privacy Bug That Could Expose Your Messages?

In-short conclusion—Whatsapp service or its 45-days deletion policy doesn't seem to have a bug. For detailed logical explanation, please read below. An Amazon employee earlier today tweeted details about an incident that many suggest could be a sign of a huge privacy bug in the most popular...

CVE-2017-18317

CVE-2017-18317 affects Qualcomm closed‑source components in Snapdragon Automotive and Snapdragon Mobile (MSM8996AU, SD 410/12, SD 820, SD 820A). The issue allows bypass of modem restrictions (sim lock/sim kill) by manipulating the system to issue a deactivation flow sequence. The available docume...

Man arrested for stealing $1m from Silicon Valley Exec via SIM-swapping

By ghostadmin A 21-year old Manhattan resident has been accused of SIM-swapping the mobile number of Robert Ross, a Silicon Valley executive, and managed to steal $1 million. The accused, Nicholas Truglia, not only targeted Ross’s phone number with SIM-swapping attacks but many others too includi...

Sim Swapping Crypto Stealing Hackers Arrested by Turkish Police

By Waqas Eleven Turkish individuals have been arrested by Turkish police department for stealing cryptocurrency worth approx. $80,000 via Sim Swapping. Reportedly, the suspects tricked the phone providers into revealing the phone numbers of the victims and used the SIMs for performing 2FA...

Busting SIM Swappers and SIM Swap Myths

KrebsOnSecurity recently had a chance to interview members of the REACT Task Force, a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that has been tracking down individuals engaged in unauthorized "SIM swaps" -- a complex form of mobile phone fraud that is often use...

5 (Not So) Scary Infosec Questions to Answer this Halloween

It’s Halloween. Time for candy checking, cavities and the start of the retail season. And while attacks will rise around the holidays, don't let the FUD machine get you too scared about things the go bump in the infosec night. Here are five things that should actually concern you. They were easil...

Now use Internet anonymously through Tor-enabled SIM card Onion3G

By Waqas Privacy concerns are rising with the advancement of technology. Today, we need to be a lot more careful about online browsing than we needed to a few years back despite that we have come far ahead with technology. Tor browser and VPNs are generally believed to protect our privacy online,...

SIM-PKH 2.4.1 SQL Injection Vulnerability

SIM-PKH version 2.4.1 suffers from a remote SQL injection vulnerability. Exploit Title: SIM-PKH 2.4.1 - 'id' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://simpkh.sourceforge.io/ Software Link: https://sourceforge.net/projects/simpkh/files/latest/download Version: 2.4.1...

SIM-PKH 2.4.1 - Arbitrary File Upload

SIM-PKH 2.4.1 - Arbitrary File Upload Exploit Title: SIM-PKH 2.4.1 - Arbitrary File Upload Dork: N/A Date: 2018-10-22 Exploit Author: Ihsan Sencan Vendor Homepage: https://simpkh.sourceforge.io/ Software Link: https://sourceforge.net/projects/simpkh/files/latest/download Version: 2.4.1 Category:...

SIM-PKH 2.4.1 SQL Injection

Exploit Title: SIM-PKH 2.4.1 - 'id' SQL Injection Dork: N/A Date: 2018-10-22 Exploit Author: Ihsan Sencan Vendor Homepage: https://simpkh.sourceforge.io/ Software Link: https://sourceforge.net/projects/simpkh/files/latest/download Version: 2.4.1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64...