Cybersecurity

cross-posted from: https://scribe.disroot.org/post/3159641

Archived version

Across the world, phone networks carry billions of passwords and login codes on a daily basis. Tech companies need to keep their subscribers logged in to their apps and accounts with maximum efficiency, wherever they might be. So these security codes need to get from Silicon Valley to everywhere, as quickly (and as cheaply) as possible. For most people they are a necessary annoyance, until they are breached with damaging consequences.

Companies, including banks and Big Tech, don’t send login codes to their customers directly. This would be costly and inefficient. Instead they rely on a sprawling and opaque network of contractors and subcontractors, each of which promises to shave off a part of the sending cost in return for market share. This is what the industry calls “lowest cost routing”. The catch is that any of these middleman companies can see everything transmitted. The codes that come saying “Do not share with anyone” might in fact already have been shared with more or less anyone.

...

Lighthouse obtained a cache of almost 100 million data packets from a phone industry source. The data gave a unique insight into telecom traffic passing through the network of a controversial Swiss outfit. Millions of these packets contained “A2P” (application-to-person) SMS messages. We analysed these to identify senders, recipients and type of message content.

We found millions of sensitive security codes and logins getting sent via Fink Telecom Services. The logins related to services from some of the world’s largest tech companies – including Google, Meta and Amazon; banks and crypto exchanges; dating sites and online marketplaces; and messaging apps including WhatsApp, Viber and Signal. Overall we identified over 1000 companies sending logins to their customers via the network run by maverick telecom entrepreneur Andreas Fink. The text messages we were looking at often told us the account names as well as the login codes and phone numbers.

...

Archived

The Apple and Google app stores continue to offer private browsing apps that are surreptitiously owned by Chinese companies, more than six weeks after they were identified in a Tech Transparency Project report. Apple and Google may also be profiting from these apps, which put Americans’ privacy and U.S. national security at risk, TTP found.

[...]

After the Financial Times asked Apple for comment on these findings, two of the apps linked to Qihoo 360—Thunder VPN and Snap VPN—were pulled from its app store. When TTP checked again in early May, another Qihoo 360-connected app called Signal Secure VPN had been quietly removed. But two other apps linked to Qihoo 360—Turbo VPN and VPN Proxy Master—remained available in the U.S. Apple App Store, along with 11 other Chinese-owned apps identified in TTP’s report.

The Google Play Store, meanwhile, offered four Qihoo 360-connected apps—Turbo VPN, VPN Proxy Master, Snap VPN, and Signal Secure VPN—as well as seven other Chinese-owned VPNs identified in TTP’s initial report.

The linked article lists several China-owned VPN apps identified by the Tech Transparency Project (TTP).

[...]

A wiper module makes the Akira ransomware more effective than before. Even if victims pay the ransom, they lose their data. The question is whether this strategy will remain successful for the attackers.