September 19, 2020
David Redekop

This Week In Nerd News – August 17, 2020

Your weekly top 5 technical and security issues Nerds should pay attention to:

The Secret SIMs Used By Criminals to Spoof Any Number.

A must-read. However, it isn’t that difficult to spoof a number right from your mobile without a special SIM card. A cursory search finds us Spoofcard, Spooftel, Spoofbox, Spoof my Phone, all of which have free mobile apps. Considering the activity is illegal in most jurisdictions, it is surprising how available they are.

The unsolicited call came from France. Or at least that’s what my phone said. When I picked up, a man asked if I worked with the National Crime Agency, the UK’s version of the FBI. When I explained, no, as a journalist I don’t give information to the police, he said why he had contacted me.

“There are these special SIM cards out there,” he said, referring to the small piece of hardware that slips inside a cell phone. “I’m actually ringing from one now,” he added, before later explaining he runs an underground site that sells these cards.

 

Read More: The Secret SIMs Used By Criminals to Spoof Any Number

 

Homeland Security details new tools for extracting device data at US borders.

Border agents are able to pull data from devices and keep it for 75 years, according to the assessment. However, patched iOS devices with A12+ processors with MDM enabled have no known extraction methods.

Travelers heading to the US have many reasons to be cautious about their devices when it comes to privacy. A report released Thursday from the Department of Homeland Security provides even more cause for concern about how much data border patrol agents can pull from your phones and computers.

 

Read More: Homeland Security details new tools for extracting device data at US borders

 

Hackers can eavesdrop on mobile calls with $7,000 worth of equipment.

The demonstration of ReVoLTE attack is our reminder that for privacy and security, use true end-to-end encryption call methods including FaceTime, Matrix (self-hosted – also a Slack alternative), WhatsApp.

The emergence of mobile voice calls over the standard known as Long Term Evolution (LTE) has been a boon for millions of cell phone users around the world. VoLTE, short for Voice over LTE, provides up to three times the capacity of the earlier 3G standard, resulting in high-definition sound quality that’s a huge improvement over earlier generations. VoLTE also uses the same IP standard used to send data over the Internet, so it has the ability to work with a wider range of devices. VoLTE does all of this while also providing a layer of security not available in predecessor cellular technologies.

 

Read More: Hackers can eavesdrop on mobile calls with $7,000 worth of equipment

 

Tor security advisory: exit relays running sslstrip in May and June 2020.

What’s Steve Gibson’s old adage about Trust No One (TNO)? Apparently that applies to TOR exit nodes as well.

In May 2020 we found a group of Tor exit relays that were messing with exit traffic. Specifically, they left almost all exit traffic alone, and they intercepted connections to a small number of cryptocurrency exchange websites. If a user visited the HTTP version (i.e. the unencrypted, unauthenticated version) of one of these sites, they would prevent the site from redirecting the user to the HTTPS version (i.e. the encrypted, authenticated version) of the site. If the user didn’t notice that they hadn’t ended up on the HTTPS version of the site (no lock icon in the browser) and proceeded to send or receive sensitive information, this information could be intercepted by the attacker.

 

Read More: Tor security advisory: exit relays running sslstrip in May and June 2020 

 

NSA and FBI warn that new Linux malware threatens national security.

This is a reminder that it is possible and necessary to lock down egress control on all business infrastructure.

The FBI and NSA have issued a joint report warning that Russian state hackers are using a previously unknown piece of Linux malware to stealthily infiltrate sensitive networks, steal confidential information, and execute malicious commands.

 

Read More: NSA and FBI warn that new Linux malware threatens national security

 

Did you know?

SoundSource is a power tool for a macOS productivity nerd. Controls multiple audio sources so when you want quiet background music through speakers during a headset zoom meeting while answering a facetime call, for example.