97 stories
·
0 followers

Google Demanded That T-Mobile, Sprint Not Sell Google Fi Customers' Location Data

1 Comment

On Thursday, AT&T announced it was stopping the sale of its customers’ real-time location data to all third parties, in response to a Motherboard investigation showing how data from AT&T, T-Mobile, and Sprint trickled down through a complex network of companies until eventually landing in the hands of bounty hunters and people unauthorized to handle it. To verify the existence of this trade, Motherboard paid $300 on the black market to successfully locate a phone.

Google, whose Google Fi program offers phone, text, and data services that use T-Mobile and Sprint network infrastructure in the United States, told Motherboard that it asked those companies to not share its customers’ location data with third parties.

“We have never sold Fi subscribers' location information,” a Google spokesperson told Motherboard in a statement late on Thursday. “Google Fi is an MVNO (mobile virtual network operator) and not a carrier, but as soon as we heard about this practice, we required our network partners to shut it down as soon as possible.” Google did not say when it made this a requirement.

An MVNO is essentially a company that provides the usual telecommunication services such as calls and texts, but which uses infrastructure from a telco carrier. Launched in 2015, Fi has international coverage in 170 countries and also offers data only SIMs. Google recently announced an expansion of Fi’s availability to more Android devices as well as iPhones.

In Motherboard’s investigation, the phone we paid to locate was on the T-Mobile network. The data access traveled through a web of different companies, starting with T-Mobile which sold to a so-called location aggregator named Zumigo. Zumigo then sold the access to Microbilt, a firm which offers phone location services to the bounty hunter industries as well as other sectors. A Microbilt customer then offered a phone lookup to a source, and that source provided Motherboard with a Google Maps screenshot showing the location of the phone itself. The location data was accurate to a range of around 500m, enough to, in our case, correctly point to a specific area of Queens, New York.

T-Mobile had previously said it was cutting its relationships with location aggregators. In tweets posted in response to Motherboard’s story, T-Mobile CEO John Legere reiterated that the company is continuing to ramp down all of its location aggregator contracts, and plans to have this completed by March.

Sprint has not responded to Motherboard’s request for comment on whether it plans to mirror the actions of T-Mobile and AT&T and shut down all location aggregator access. Google suggested the telco may be taking some action: Google told Motherboard its partners, namely T-Mobile and Sprint, have already stopped the practice or plan to do so in the coming months (Google clarified to Motherboard that the company told T-Mobile and Sprint to shut down the sale of Fi customers’ data, rather than the telcos’ customers more widely.)

Got a tip? You can contact Joseph Cox securely on Signal on +44 20 8133 5190, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

In a previous, more general statement to Motherboard, a Sprint spokesperson said “Protecting our customers’ privacy and security is a top priority, and we are transparent about that in our Privacy Policy. We do not knowingly share personally identifiable geo-location information except with customer consent or in response to a lawful request such as a validated court order from law enforcement.”

This isn’t the first time telcos have said they will take action against location aggregators. Last year Senator Ron Wyden and The New York Times reported that an aggregator called LocationSmart was providing data access that ultimately allowed low level law enforcement to track down phones without a warrant. In response, AT&T, Verizon, T-Mobile, and Sprint cut access to Securus, the company that was acting as a middleman between LocationSmart and the end users. Since then, the telcos have continued to provide location data access for other purposes, such as to roadside assistance firms for locating stranded customers for fraud prevention.

On Thursday Verizon told The Washington Post it is winding down its own four remaining location aggregator contracts, which are all with roadside assistance companies. After that, customers will have to give Verizon permission to share their location with the firms. Verizon has not responded to Motherboard’s multiple requests for comment over the past week.

Motherboard’s investigation showed there is still clear room for abuse with location aggregators. These new steps will, T-Mobile and AT&T say, see them cutting off the sale of location data to all third parties. Multiple senators called for the Federal Communications Commission (FCC) to investigate the issue on Wednesday.

“For the second time in six months, carriers are pledging to stop sharing American’s location with middlemen without their knowledge,” Wyden told Motherboard Thursday. “I’ll believe it when I see it. Carriers are always responsible for who ends up with their customers data—it’s not enough to lay the blame for misuse on downstream companies.”

Subscribe to our new cybersecurity podcast, CYBER.



Read the whole story
SecurityFeed
8 days ago
reply
Because Google wants it all for themselves...
Share this story
Delete

Homebuyers Being Targeted by Money Transfer Scam

1 Comment

Money Transfer Scam – Scammers hack the victims’s email accounts, monitor conversations between the buyers and title agents, send instructions on where to wire the money.

A new homebuyer moves through a period of vulnerable transition as they invest in their future. This sensitive stage — a confusing flurry of representatives, documentation and planning — represents an attractive target for con artists with ill intentions. Some choose to capitalize on homebuyers’ ignorance.

The con in question is a money transfer scam with all the likeness of a typical transaction. Scammers hack the email accounts of their victims and monitor conversations between the buyers and title agents. Toward the close of the interaction, the scammers will send false instructions on where to wire the money.

After the wrongfully transferred money reaches the criminals behind the money transfer scam, they disappear, thousands of dollars wealthier. The practice is so whisper-quiet and challenging to catch that it’s given the FBI considerable trouble. For all intents and purposes, the scammers appear real.

Bryan O’Meara was hoping to expand his business with the addition of a parking lot for his new restaurant. He intended to wire upward of $1 million to the seller of the property but was unaware that his conversations were under surveillance by scammers. His business partner was equally unaware.

Fortunately for O’Meara, he didn’t follow through with the transaction — a decision that saved him an enormous sum of money. A loss of that caliber might have upended his business, and it’s a risk that many moving forward in real estate transactions should consider.

money transfer scam

Image by Soumil Kumar

FBI Involvement

The Federal Bureau of Investigation has offered the American public advice on how to better safeguard their money from scammers and hackers. After reporting $5 million in loss from Utah residents in 2017, every citizen is encouraged to take preventive measures to protect themselves from scams.

These measures include a frequent change in passwords, using mismatched and uncommon characters to avoid predictability. They also include a final follow-up with your partner or agent to confirm the wiring instructions are correct. Finally, in a worst-case scenario, people should contact their bank for immediate recall.

It’s an unfortunate truth that, even in the event of a recall, the victim loses most of their stolen money. Scammers will often bounce-wire the money through several international accounts at a high pace, blurring the trail that’s left behind in the event their target tries to reverse their transaction.

No security is 100 percent reliable. Even in following all the steps and taking every precaution, scammers and hackers will always innovate new techniques to steal money from their unwitting victims.

Protecting Home Purchases

While the FBI is a helpful resource when combating scammers, homebuyers are encouraged to take additional measures before they purchase their property of interest. For many, changing a password and making a phone call will not be enough. They should also consider the following advice.

In the final stages of communication between an individual and a company, a comparison of early emails and those received later can reveal differences. These differences indicate a scammer has entered the conversation under the guise of a professional. Verification through multiple channels is the safest route.

A scammer will also place a high amount of pressure on a homebuyer to wire their money. Homebuyers in the final stages of transfer are advised to look closely at the information exchanged between them and the vendor to ensure its validity. A lax attitude toward detail can leave a person open to attack.

However, these innocent people don’t have to fall into the same old traps. Everyone should commit themselves to an awareness of common scamming techniques and illegal practices. Before purchasing a home, potential buyers would benefit by educating themselves about the latest scams in circulation by criminals.

Assessing the Danger

According to a 2017 report by the FBI, almost $1 billion was diverted or nearly diverted from real estate transactions — up by a significant margin from the year prior. This enormous sum of money speaks to the severity of the problem and its relevance to homebuyers today.

As they work through the final stages of a real estate transaction, buyers must remain diligent. A lack of interest in the proceedings can spell the difference between money lost and money saved. With a transaction as important as property exchange, anything less than total attention is inviting trouble.

It’s only through awareness and caution that citizens can protect themselves and their loved ones from the dangers of fraudulent activity.

About the author

Kayla Matthews is a technology and cybersecurity writer, and the owner of ProductivityBytes.com. To learn more about Kayla and her recent projects, visit her About Me page.

 

 

Pierluigi Paganini

(Security Affairs – Money Transfer Scam, cybercrime)

The post Homebuyers Being Targeted by Money Transfer Scam appeared first on Security Affairs.

Read the whole story

Feast smart.

2 Shares

Share and Enjoy:DiggStumbleUpondel.icio.usFacebookTwitterGoogle Bookmarks

The post Feast smart. appeared first on Indexed.

Read the whole story
SecurityFeed
180 days ago
reply
Share this story
Delete

Posting '10 Concerts' To Facebook Opens Door To Hackers, Experts Warn

1 Comment
PHILADELPHIA (CBS) — A cyber security expert warns Facebook users to think twice before posting about your 10 concerts. A popular Facebook ...
Read the whole story
SecurityFeed
631 days ago
reply
This is stupid security. Do not hire this guy.
Share this story
Delete

'Now the cyber is so big' says Donald Trump

2 Comments
'Now the cyber is so big' says Donald Trump

"You know cyber is becoming so big today. lt's becoming something that a number of years ago, a short number of years ago wasn't even a word. Now the cyber is so big."

Hear what I think in my latest video.

Read the whole story
SecurityFeed
860 days ago
reply
It's yuge.
Share this story
Delete
1 public comment
denubis
862 days ago
reply
... um.
Sydney, Australia

Pennsylvania and Georgia Decline DHS Voting System Security Help (August 26, 2016)

1 Comment

Pennsylvania and Georgia have rejected election system security help from the US Department of Homeland Security (DHS).......

Read the whole story
SecurityFeed
875 days ago
reply
This is incorrect. Pennsylvania HAS and WILL work with the DHS. OOPS.
Share this story
Delete
Next Page of Stories