Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Wireless. Show all posts

Inside Job Exposed: T-Mobile US, Verizon Staff Solicited for SIM Swap Scam

 


T-Mobile and Verizon employees are being texted by criminals who are attempting to entice them into swapping SIM cards with cash. In their screenshots, the targeted employees are offering $300 as an incentive for those willing to assist the senders in their criminal endeavours, and they have shared them with us. 

The report indicates that this was part of a campaign that targets current and former mobile carrier workers who could be able to access the systems that would be necessary for the swapping of SIM cards. The message was also received by Reddit users claiming to be Verizon employees, which indicates that the scam isn't limited to T-Mobile US alone. 

It is known that SIM swapping is essentially a social engineering scam in which the perpetrator convinces the carrier that their number will be transferred to a SIM card that they own, which is then used to transfer the number to a new SIM card owned by the perpetrator. 

The scammer can use this information to gain access to a victim's cell phone number, allowing them to receive multi-factor authentication text messages to break into other accounts. If the scammer has complete access to the private information of the victim, then it is extremely lucrative. 

SIM swapping is a method cybercriminals utilize to breach multi-factor authentication (MFA) protected accounts. It is also known as simjacking. Wireless carriers will be able to send messages intended for a victim if they port the victim’s SIM card information from their legitimate SIM card to one controlled by a threat actor, which allows the threat actor to take control of their account if a message is sent to the victim. 

Cyber gangs are often able to trick carrier support staff into performing swaps by presenting fake information to them, but it can be far more efficient if they hire an insider to take care of it. In the past, both T-Mobile and Verizon have been impacted by breaches of employee information, including T-Mobile in 2020 and Verizon last year, despite it being unclear how the hackers obtained the mobile numbers of the workers who received the texts. 

The company stated at the time that there was no evidence that some of the information had been misused or shared outside the organization as a result of unauthorized access to the file, as well as in 2010 a Verizon employee had accessed a file containing details for about half of Verizon s 117,00-strong workforce without the employee's authorization.

It appears that the hackers behind the SIM swap campaign were working with outdated information, as opposed to recent data stolen from T-Mobile, according to the number of former T-Mobile employees who commented on Reddit that they received the SIM swap message. As the company confirmed the fact that there had not been any system breaches at T-Mobile in a statement, this was reinforced by the company. 

Using SIM swap attacks, criminals attempt to reroute a victim's wireless service to a device controlled by the fraudster by tricking their wireless carrier into rerouting their service to it. A successful attack can result in unauthorized access to personal information, identity theft, financial losses, emotional distress for the victim, and financial loss. Criminals started hijacking victims' phone numbers in February 2022 to steal millions of dollars by performing SIM swap attacks. 

The FBI warned about this in February 2022. Additionally, the IC3 reported that Americans reported 1,075 SIM-swapping complaints during the year 2023, with an adjusted loss of $48,798,103 for each SIM-swapping complaint. In addition to 2,026 complaints about SIM-swapping attacks in the past year, the FBI also received $72,652,571 worth of complaints about SIM-swapping attacks from January 2018 to December 2020. 

Between January 2018 and December 2020, however, only 320 complaints were filed regarding SIM-swapping incidents resulting in losses of around $12 million. Following this huge wave of consumer complaints, the Federal Communications Commission (FCC) announced new regulations that will protect Americans from SIM-swapping attacks to protect Americans from this sort of attack in the future.

It is required by the new regulations that carriers have a secure authentication procedure in place before they transfer the customer's phone numbers to a different device or service provider. Additionally, they need to warn them if their accounts are changed or they receive a SIM port out request.

Wearable Tech Evolution: Google Integrates Heart Rate Monitoring into ANC Earbuds

 


It has been made clear by Google that they have made rapid progress in developing technology that will allow users to make a significant upgrade to their existing true wireless earbuds. Wireless earbuds might be able to integrate heart rate monitoring with just a software update, so there will be no additional hardware requirements when upgrading to wireless earbuds. Since they are going to use a similar method as noise cancellation to work, the earbuds, earphones or headphones in question must have active noise cancellation. 

The wrist-worn devices that can provide reliable heart rate data are available from almost every major manufacturer. A companion application such as Google Fit crunches the data over time for you to be able to see patterns and irregularities in your health that may indicate something serious is wrong. 

Even though the system seems to work well, Google researchers recently published two technical papers that describe an alternative method for monitoring cardiac activity called Audioplethysmography (APG), which is used to measure heart rate. It is clear from the name that this method utilizes audio equipment like earbuds, as the market trends show that earbuds have proven to be a far more popular wearable in comparison to fitness trackers and smartwatches for wristwear. 

As a result of the deformation of blood vessels in the user's ear canal, Google notes that the volume of their ear canal changes slightly with every heartbeat. In this way, an earbud's speaker driver can pump out ultrasonic sound waves of different frequencies at the same time reverberating up through feedback microphones, also housed in the earbud's speaker, to pick up the reverberation in real-time. 

This works very much the same as sonar in a submarine works. Using a mathematical model, the time and variations between the received echos are then calculated, which then leads to the calculation of an individual's changes in ear canal volume, which are directly related to the rhythm of their hearts. 

According to the research paper titled, ‘APG: Audioplethysmography for Cardiac Monitoring in Hearables’, an ultrasound probing signal that is routed through an active noise cancellation (ANC) headphone's microphone and speaker is routed through the headphone. Echoes then are received from the feedback microphones located on the headphones. 

ANC earphones are equipped with tiny microphones that can be used to detect ambient sounds, so the method will use this function to take note of how the skin surface reacts to changes in blood flow when the low-intensity signal bounces off the ear canal. 

To give persons who do not enjoy wearing smartwatches an opportunity to measure their heart rate on the go, wireless earbuds with heart rate monitoring features are an exciting concept; they allow them to examine their heart rate at any time, no matter where they are. 

The majority of mechanical watch enthusiasts do not wish to give up their traditional timepieces in favour of tech-enabled smartwatches. A significant change will not be required since the technology will utilise existing hardware in the wireless earbuds as already present in these devices. The heart rate monitoring functionality will simply need to be activated by a software update. 

In the meantime, there are no indications that the new heart rate monitoring feature will be available in ANC earbuds shortly. It would however still have to pass all the layers of regulatory approval before its use can be commercially marketed. 

The use of APG involves using a low-intensity ultrasound signal that bounces off the wearer’s ear canal into a microphone that is used to detect ambient sound and then listening back to the earphones or headphones to hear back any disturbances on the skin surface that happen during blood pumping. Despite the limitations of APG technology, few alternatives have prevented ear wearables from being used as health-tracking devices as well. 

Researchers have discovered that the APG measurements are stable regardless of variables like skin colour, the fit or position of the wearable in the canal or the size of the ear canal. The material of the ear tip (silicon or foam are the most commonly used ones that come with the earphones) does not affect the measurements either. 
  
As a result of the evolution of PPG technology, it is expected that users will be able to detect and monitor cardiac activity even while using headphones or earphones to listen to music as they exercise in a gym.

Despite these limitations, it is noted that the work aims to use multiple frequencies and then use software to capture readings to determine which frequency delivers the most accurate signal reading. There are, however, several limitations, including disturbed signal readings in noisy environments. It will be interesting to see how Google uses this technology, however, it is not on the verge of taking this to the real world quite yet. It might not be until sometime shortly, if at all. 

The tech is still in the early stages of testing and refinement, but in all probability, Google could embed this technology in their Pixel wireless earbuds products in the future, and this is something Google might want to consider.