Category: cellphones

SS7, which was developed in the mid-1970s, can be potentially abused to track people’s phones’ locations; redirect calls and text messages so that info can be intercepted; and spy on users. The Diameter protocol was developed in the late-1990s and includes support for network access and IP mobility in local and roaming calls and messages. It does not, however, encrypt originating IP addresses during transport, which makes it easier for miscreants to carry out network spoofing attacks. “As coverage expands, and more networks and participants are introduced, the opportunity for a bad actor to exploit SS7 and Diameter has increased,” according to the FCC [PDF].

On March 27 the commission asked telecommunications providers to weigh in and detail what they are doing to prevent SS7 and Diameter vulnerabilities from being misused to track consumers’ locations. The FCC has also asked carriers to detail any exploits of the protocols since 2018. The regulator wants to know the date(s) of the incident(s), what happened, which vulnerabilities were exploited and with which techniques, where the location tracking occurred, and — if known — the attacker’s identity. This time frame is significant because in 2018, the Communications Security, Reliability, and Interoperability Council (CSRIC), a federal advisory committee to the FCC, issued several security best practices to prevent network intrusions and unauthorized location tracking. Interested parties have until April 26 to submit comments, and then the FCC has a month to respond.

How exactly is this possible? Push notifications, which are provided by a mobile operating system provider, include embedded metadata that can be examined to understand the use of the mobile apps on a particular phone. Apps come laced with a quiet identifier, a “push token,” which is stored on the corporate servers of a company like Apple or another phone manufacturer after a user signs up to use a particular app. Those tokens can later be used to identify the person using the app, based on the information associated with the device on which the app was downloaded. Even turning off push notifications on your device doesn’t necessarily disable this feature, experts contend. […]

If finding new ways to catch pedophiles and terrorists doesn’t seem like the worst thing in the world, the Post article highlights the voices of critics who fear that this kind of mobile data could be used to track people who have not committed serious crimes — like political activists or women seeking abortions in states where the procedure has been restricted.

Researchers at the University of Maryland last year purchased 228 smartphones sold “as-is” from PropertyRoom.com, which bills itself as the largest auction house for police departments in the United States. Of phones they won at auction (at an average of $18 per phone), the researchers found 49 had no PIN or passcode; they were able to guess an additional 11 of the PINs by using the top-40 most popular PIN or swipe patterns. Phones may end up in police custody for any number of reasons — such as its owner was involved in identity theft — and in these cases the phone itself was used as a tool to commit the crime. “We initially expected that police would never auction these phones, as they would enable the buyer to recommit the same crimes as the previous owner,” the researchers explained in a paper released this month. “Unfortunately, that expectation has proven false in practice.”

Beyond what you would expect from unwiped second hand phones — every text message, picture, email, browser history, location history, etc. — the 61 phones they were able to access also contained significant amounts of data pertaining to crime — including victims’ data — the researchers found. […] Also, the researchers found that many of the phones clearly had personal information on them regarding previous or intended targets of crime: A dozen of the phones had photographs of government-issued IDs. Three of those were on phones that apparently belonged to sex workers; their phones contained communications with clients. “We informed [PropertyRoom] of our research in October 2022, and they responded that they would review our findings internally,” said Dave Levin, an assistant professor of computer science at University of Maryland. “They stopped selling them for a while, but then it slowly came back, and then we made sure we won every auction. And all of the ones we got from that were indeed wiped, except there were four devices that had external SD [storage] cards in them that weren’t wiped.”

The objective of the malware is to steal info or make money from information collected or delivered. The malware turns the devices into proxies which are used to steal and sell SMS messages, take over social media and online messaging accounts, and used as monetization opportunities via adverts and click fraud. One type of plugin, proxy plugins, allow the criminal to rent out devices for up to around five minutes at a time. For example, those renting the control of the device could acquire data on keystrokes, geographical location, IP address and more. “The user of the proxy will be able to use someone else’s phone for a period of 1200 seconds as an exit node,” said Yarochkin. He also said the team found a Facebook cookie plugin that was used to harvest activity from the Facebook app.

Through telemetry data, the researchers estimated that at least millions of infected devices exist globally, but are centralized in Southeast Asia and Eastern Europe. A statistic self-reported by the criminals themselves, said the researchers, was around 8.9 million. As for where the threats are coming from, the duo wouldn’t say specifically, although the word “China” showed up multiple times in the presentation, including in an origin story related to the development of the dodgy firmware. Yarochkin said the audience should consider where most of the world’s OEMs are located and make their own deductions.

The team confirmed the malware was found in the phones of at least 10 vendors, but that there was possibly around 40 more affected. For those seeking to avoid infected mobile phones, they could go some way of protecting themselves by going high end. That is to say, you’ll find this sort of bad firmware in the cheaper end of the Android ecosystem, and sticking to bigger brands is a good idea though not necessarily a guarantee of safety. “Big brands like Samsung, like Google took care of their supply chain security relatively well, but for threat actors, this is still a very lucrative market,” said Yarochkin.

In addition to the ThinkPad-like look and feel, there’s a red key on the side of the phone in a nod to Lenovo’s classic keyboard nub. You can customize it to a degree: a double-press can be assigned one of the phone’s ThinkPad integration features, while a single-press can act as an app shortcut. Some apps will even let you launch certain features — mapping it to the “Pay” screen of the Starbucks app could save you a lot of embarrassing fumbling at the register, for example. The ThinkPhone is available first to enterprise customers, with general availability on April 28th via Motorola.com.

Lenovo’s other rollable device it’s demoing at MWC is a Motorola smartphone. We’ve seen numerous companies including Samsung Display, Oppo, TCL, and even LG (RIP) show off rollable concept devices in various stages of development over the years, but we’re yet to see the technology break through in a consumer device. Like a foldable, the idea is that a rollable smartphone can be small when you need it to be portable, and big when you need more screen to get the job at hand done. Lenovo’s phone — which it’s calling the Motorola rollable smartphone concept — is all about taking a small square of a display and making it longer. It’s almost like a foldable flip phone, but without a secondary cover display because it’s the same screen the entire time. When all neatly rolled up, Lenovo’s Motorola rollable offers a 5-inch display with a 15:9 aspect ratio. Then, with a small double tap of a side button, the screen unfurls to give you a remarkably tall 6.5-inch display with a 22:9 aspect ratio. […] “In 2019, it seemed like foldable phones were about to become the next big thing in the world of smartphones,” writes Porter, in closing. “But four years later, it feels like we’re still waiting for this future to become a mainstream reality. Lenovo would be the first to admit that its rollable concept devices are far from ready for prime time, but they offer a compelling argument for an alternative, rollable future.”

The IDC also notes consumers are keeping smartphones longer than ever now, with “refresh rates” or the time that passes before people buy a new phone ‘climb[ing] past 40 months in most major markets.’ The report closes saying: “2023 is set up to be a year of caution as vendors will rethink their portfolio of devices while channels will think twice before taking on excess inventory. However, on a positive note, consumers may find even more generous trade-in offers and promotions continuing well into 2023 as the market will think of new methods to drive upgrades and sell more devices, specifically high-end models.”

For years, science and conventional wisdom have stated unequivocally that looking at a device — like a smartphone, tablet, laptop, or television — before bed is akin to lighting years of your natural life on fire, then letting the flames consume your children, your community, and the very concept of human progress….

Specifically interested in the use of “entertainment media” (streaming services, video games, podcasts) before bed, [the new February study’s] researchers asked a group of 58 adults to keep a sleep diary and found that, if participants consumed entertainment media in the hour before bed, the habit was associated with an earlier bedtime as well as more sleep overall (though the benefits diminished if participants binged for longer than an hour or multitasked on their phones). Essentially, these researchers explored screen use before bed as a form of relaxation rather than a form of self-harm, which is exactly how I and probably 5 billion other people use it — as a way of distracting our minds from the onslaught of material reality just before we drift off to temporary oblivion.

Vulture’s writer interviews Dr. Morgan Ellithorpe, one of the authors of the Journal of Sleep Research study and an assistant professor in the Department of Communication at the University of Delaware who specializes in media psychology.

Dr. Ellithorpe is a proponent of intentional media use as a way to relieve stress, but she tells me that, in her research, she’s found that the worst types of media to absorb before bed are those that have no “stopping point” — Instagram, TikTok, shows designed to be binge-watched. If you intend to binge a show, that might be fine: “Making a plan and sticking to it seems to matter,” she says. We agree that humans are famously bad at that, and that’s where the problems begin. The solution, Dr. Ellithorpe says, is figuring out why we’re on our screens and if that reason is “meaningful.” Are we turning to a screen in order to recover from an eventful day? Because we want something to talk about with our friends? Because we’re seeking, as she puts it, a moment of “hedonic enjoyment”? The key is that you must be able to recognize when that need is fulfilled. Then “you’re likely to have a good experience, and you won’t need to force yourself to stop. But it takes practice.”

Dr. Ellithorpe cites several studies for me to review — on gratification, mood-management theory, selective exposure, and self-determination theory — all of which, to various extents, grapple with the notion that human beings can make decisions to use media for purposeful things. “There’s this push now to realize that people aren’t a monolith, and media uses that seem bad for some people can actually be really good for other people.” Although many researchers like Dr. Ellithorpe and her cohort are onboard with this push, she admits that “the movement has not filtered out to the public yet. So the public is still on this kick of ‘Oh, media’s bad.'”

And that’s a huge part of the issue. “We sabotage ourselves when it comes to benefiting from media because we’ve been taught in our society to feel guilty for spending leisure time with media,” Dr. Ellithorpe says. “The research in this area suggests that people who want to use media to recover from stress, if they then feel bad about doing so, they don’t actually get the benefit from the media use.”

But even Dr. Ellithorpe is prone to unintentional sleep moralizing, saying she is often “bad” and “on her phone two seconds before I turn off the light.” She recommends watching a “low-challenge show” before bed and, like Dr. Kennedy, cites Stranger Things specifically as a dangerous pre-bed content choice because “you have to keep track of all the characters, remember what happened three seasons ago, and it’s emotionally charged. It might be difficult afterward to come down from that and go to bed.” In the end, she suggests watching whatever you want as long as it doesn’t delay your bedtime.

The Ehteraz app, which everyone over 18 coming to Qatar must download, also gets a number of other accesses such as an overview of your exact location, the ability to make direct calls via your phone and the ability to disable your screen lock. The Hayya app does not ask for as much, but also has a number of critical aspects. Among other things, the app asks for access to share your personal information with almost no restrictions. In addition, the Hayya app provides access to determine the phone’s exact location, prevent the device from going into sleep mode, and view the phone’s network connections. It remains to be seen whether Qatar will strictly enforce the installation of these apps. “I know people who visited Saudi Arabia when that country had a similarly sketchy app requirement,” says Schneier. “Some of them just didn’t bother downloading the apps, and were never asked about it at the border.”