AT&T, T-Mobile Customer PINs Left Exposed by Security Flaws
Two different security flaws affecting the customers of AT&T and T-Mobile were revealed this week. The security gaps could have given hackers access to customer account PINs, which would in turn allow them to potentially hijack the customers' SIM cards. AT&T customers were left vulnerable by the insurance provider Asurion. When initiating claims through Asurion's web site, hackers could have gleaned PINs through a form that failed to have a limit on attempts to enter the PIN correctly. This opened the door for brute-force attacks. T-Mobile customers were left vulnerable by the Apple Store app on iPhones. The issue left an opening on a web page that bridged the Apple Store with T-Mobile's account verification system. Similar to the Asurion issue, the Apple Store didn't place a limit on the number of attempts for PIN entry. This also permitted a brute-force attack to guess the number. Both Asurion and Apple resolved the lapses after they were brought to their attention. The T-Mobile vulnerability left some 77 million customers exposed. The number of customers impacted at AT&T is not known. SIM hijacking allows hackers to essentially copy the identity of a legit phone that can then be used to verify identify in apps and services that used SMS-based two-factor authentication.
Jan 10, 2020
CAT's latest rugged phone for the US market is the S32. It's a bit more affordable than past models at $349.
Nov 26, 2019
MediaTek has revealed that its first SoC with integrated 5G modem and high-end processor will be called the Dimensity 1000. The company revealed the first set of details on the chip in May.
Oct 1, 2019
LG's entry-level K30 2019 model has launched in several different versions, under a variety of names, at AT&T, T-Mobile, and Cricket in recent weeks. Cricket launched the phone as the Escape Plus a few weeks ago, and sells it for $80.
Sep 19, 2019
Alcatel today announced the Go Flip 3 and SmartFlip, two variants of essentially the same clamshell-style feature phone. The phone runs KaiOS, and for the first time in the US, supports both Google Assistant voice control and the KaiStore for downloading third-party apps such as WhatsApp.