T-Mobile Acknowledged Breach of 100 Million Customers

 

T-Mobile announced a data breach on Monday after a hacking organization claimed to have obtained records of 100 million T-Mobile customers in the United States and sold some of the information on the dark web. The US wireless carrier said it couldn't say how many users were affected, but that it has started a "deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed."

T-Mobile is the brand name for the mobile communications companies of Deutsche Telekom AG, a German telecommunications firm. The brand operates in the Czech Republic (T-Mobile Czech Republic), the Netherlands (T-Mobile Netherlands), Poland (T-Mobile Polska), and the United States (T-Mobile US).

T-Mobile initially stated that it was investigating the hacker group's claim, but eventually admitted that at least some data had been acquired by the hackers. "We have determined that unauthorized access to some T-Mobile data occurred, however, we have not yet determined that there is any personal customer data involved," a company statement said. "We are confident that the entry point used to gain access has been closed."

T-Mobile said it was conducting its own investigation into the incident with the help of digital forensic experts and was collaborating with law enforcement. According to media sources citing postings on dark web forums, the enormous breach allegedly includes sensitive personal information such as social security and driver's license numbers. 

Motherboard was given access to some of the data, and the publication confirmed that it contained correct information on T-Mobile subscribers. The seller told Motherboard that they had hacked into various T-Mobile servers. A subset of the data, containing around 30 million social security numbers and driver's licenses, is being sold on the forum for six bitcoin, while the rest is being sold privately. At current exchange rates, six bitcoins are worth about $280,000. 

The seller told Motherboard, “I think they already found out because we lost access to the backdoored servers.” He was referring to T-Mobile’s potential response to the breach. T-Mobile appears to have thrown them out of the hacked systems, according to the seller, but they had already downloaded the data locally. They stated, "It's backed up in multiple places." 

The firm has also stated that once the situation is better understood, it would “proactively communicate” with customers and stakeholders, but that the investigation will “take some time.”

Research Study Shows That 100 Million IoT Devices Are at Risk

 

Forescout Research Labs, in collaboration with JSOF, has disclosed a new collection of DNS vulnerabilities potentially impacting over 100 million consumer devices. The seemingly simple code that underpins how computers interact with the internet has revealed a shocking number of vulnerabilities to researchers. As of now, there are 9 new vulnerabilities, affecting approximately 100 million devices worldwide, including Internet of Things products and IT control servers.

The newly revealed bugs are in four ubiquitous TCP/IP stacks, the code that implements the network communication protocols connecting devices to the internet. Found in operating systems such as the FreeBSD open-source project and Nucleus NET from the industrial control company Siemens, the vulnerabilities all relate to how the stacks implement the “Domain Name System,” the internet's phone book.

They would all allow an attacker to crash a device and take it offline, or to gain remote control of it. All the vulnerabilities found by Forescout and JSOF security researchers now have patches, but this does not necessarily mean the fixes reach actual devices, which frequently run outdated versions of software.

“With all these findings I know it can seem like we’re just bringing problems to the table, but we're really trying to raise awareness, work with the community, and figure out ways to address it,” says Elisa Costante, vice president of research at Forescout. She further added, “We've analyzed more than 15 TCP/IP stacks both proprietary and open source and we've found that there's no real difference in quality. But these commonalities are also helpful because we've found they have similar weak spots. When we analyze a new stack we can go and look at these same places and share those common problems with other researchers as well as developers.” 

Researchers have yet to see indications of these types of vulnerabilities being actively exploited in the wild by attackers. But the exposure is significant given the hundreds, perhaps billions, of devices that have potentially been affected across several different findings.

Forescout and JSOF have already found similar flaws exposed in hundreds of millions or potentially trillions of devices in other proprietary and open-source TCP/IP stacks around the world.

“For better or worse, these devices have code in them that people wrote 20 years ago—with the security mentality of 20 years ago,” says Ang Cui, CEO of the IoT security firm Red Balloon Security. 

Although the fixes will not proliferate in the near future, they are available. Some stopgap mitigation measures will also minimize the exposure, namely ensuring that as many devices as possible do not connect to the internet directly and using an internal DNS server.

Forescout's Costante noted that operational behaviour would be predictable and that attempts to exploit certain defects would be easier to identify. 

Forescout has published an open-source script that network administrators can use to recognize potentially insecure IoT devices and servers in their organizations.

The organization also continues to maintain an accessible library of database queries, which researchers and developers can use to quickly identify similar DNS vulnerabilities.

“It’s a widespread problem; it’s not just a problem for a specific kind of device,” says Costante.