News – Page 19 – Hawk Toolbox by LeadsOnline

Update: Say Goodbye to 3G Phone Service

October 31, 2021/in News /by Tom Bruce

Sun. Oct. 31, 2021 | By John Miley – Kiplinger |

The end of 3G

Below is the time line for the shutdown of 3G services. After the shutdown is complete, phones and other devices that rely on this standard will no longer be able to make calls or perform other tasks that require a cellular connection.

AT&T – February 2022*

Sprint (owned by T-Mobile) – January 1, 2022 (Sprint LTE shutdown – June 20, 2022)

T-Mobile – July 1, 2022

Verizon – December 31, 2022

*AT&T has not provided a specific date in February 2022 for its shutdown.

Providers are hanging up on 3G. While 5G promises better and faster service, you need new devices to take advantage of it.

Is your mobile phone more than a few years old? You may need to upgrade—fast. The shutdown of 3G cellular service by all of the major cell-phone carriers—AT&T, T-Mobile (which owns Sprint) and Verizon—is under way and will be completed next year. The long-planned sunset of 3G will free up airwaves for 5G and other advanced services. That’s the good news. The bad news is that if you have a device that relies on the old wireless standard, you will no longer be able to use some data services, send texts or make phone calls, including dialing 911.

Millions of phones and other commonly used products still harness 3G, including home security systems, medical devices and personal emergency response systems. Adding to the confusion, older 4G phones that don’t support modern cellular voice technologies, such as Voice Over LTE or HD Voice, are impacted, too. Those customers may need a software upgrade or a new phone.

he time lines for shutdowns vary, but they will be wrapped up as early as January for Sprint’s 3G network. Other carriers, including prepaid providers Cricket, Boost and Straight Talk, are also affected, because they rely on airwaves from the Big Three.

Do you need to upgrade? How do you know if your aging phone is at risk? Carriers say they have been reminding customers who need to act via direct mail, e-mail and text. Your carrier’s website may provide a list of affected devices. You can also look up the model number online and search for product details of the phone, including the mobile broadband generation (3G, 4G, 5G). If you see it’s a 3G generation phone, you know you are affected. You can also look for a “3G” icon at the top corner of your phone, but be careful: Not all 3G phones have that icon.

If you need to upgrade to a new phone, shop for deals. Discounts—or in some cases, free upgrades—are available. T-Mobile, for example, offers Sprint 3G customers the same monthly rate for 4G/5G service and a free device upgrade.

Wondering what to do with your old phone? If it has Wi-Fi capabilities, you can still use it to watch TV or play games over the internet. Otherwise, you’re probably going to have to recycle it. Some large retailers, such as Best Buy, offer recycling programs for old electronics. You can look into local recycling programs at www.earth911.com.

Read more here

Lawmakers introduce Kelsey Smith Act in U.S. House, Senate

October 30, 2021/in News /by Tom Bruce

Sat. Oct. 30, 2021 | By Hailey Godburn – kshb |

KANSAS CITY, Mo. — A law created in Kansas after the murder of an Overland Park teen nearly 15 years ago could be adopted nationwide. Rep. Jake LaTurner, who represents areas of Kansas just outside the metro area, introduced the Kelsey Smith Act to the U.S. House of Representatives last week. Kelsey Smith was 18 when she was abducted from an area Target and killed by her kidnapper. Her parents, Greg and Missey Smith, didn’t know if their daughter was dead or alive for four days while law enforcement waited for a cellphone company to release location information from her phone. Once officers had the information, they found her body within 45 minutes. The Smiths now work to ensure other families never have to endure the same agonizing wait.

Under the Kelsey Smith Act, wireless providers would be required to give cellphone data to law enforcement in emergency situations that could result in death or serious harm.

“The tragic abduction and murder of Kelsey Smith is heartbreaking and should never happen again. The bipartisan Kelsey Smith Act would ensure law enforcement officers have the resources they need from cell phone providers to locate missing or abducted children. The fear of legal liability should never stand in the way of rescuing a child from a life-threatening situation,” LaTurner said in a statement.

The bill, which has already become law in 30 states, has bipartisan support in the House, including Kansas’ 3rd District Rep. Sharice Davids. It also has support in the U.S. Senate. Kansas Sen. Jerry Moran joined senators from Missouri and Nebraska to reintroduce the bill there in February. He is also a sponsor of the renewed effort.

“Kelsey Smith’s tragic abduction sent shockwaves through the Overland Park community and the country,” Moran said in a statement. “I appreciate Rep. LaTurner’s leadership in introducing this legislation in the House, and I urge my colleagues to support this legislation that would make certain our first responders have the tools they need to quickly locate people who have been abducted.”

The Smiths said they are thankful to the Kansas delegation of lawmakers for their efforts to pass the bill.

Read more here

Ky. Supreme Court to decide if police need a warrant for real-time phone tracking

October 21, 2021/in News /by Tom Bruce

Thurs. Oct. 20, 2021 | By Jacob Ryan – wfpl |

State attorneys arguing that police don’t need a search warrant to track a person’s location in real-time through their cell phone were met with skepticism from the Kentucky Supreme Court on Wednesday.

The state’s highest court heard arguments in a case that stems from a Woodford County robbery, in which police tracked a suspect’s location by “pinging” his cell phone without a search warrant.

The Kentucky Attorney General’s office argued that police don’t need a search warrant to track someone driving on a public road, even if that tracking is conducted through technology.

“This is not a case about police accessing data stored on cell phones. It is not about whether the police can use dragnet surveillance techniques to monitor an individual’s movement,” said Brett Nolan, a deputy solicitor general for the Office of the Kentucky Attorney General. “This is about using technology to do something that police have always been able to do, which they’ve always done: public surveillance on a public road.”

Chief Justice John D. Minton Jr. pushed back, questioning why real-time cell phone tracking wouldn’t require a search warrant, pointing to the detailed data collected by cell companies.

“Don’t I have an expectation of some sort of privacy in that information?” Minton said. “Do we give it up by owning a cell phone?”

This case decision is of national interest as tech-based police investigations become more commonplace, said Nathan Freed Wessler, the deputy projects director for the American Civil Liberties Union.

“Since the founding of this country we have set limits on what police can do without judicial oversight,” he said. “Without protections from the courts, people are really vulnerable to having their entire lives become an open book for the government.”

The U.S. Supreme Court in 2018 ruled police must obtain a warrant to access historical cell location data. High courts in several other states have ruled that police do need search warrants for real-time cell data, Wessler said. In many states, however, the question is not yet settled.

“The court has an opportunity to make Kentucky a leader in securing people’s privacy rights,” Wessler said.

Cell phones collect the most intimate details about a person’s life, said Brad Clark, president of the Kentucky Association of Criminal Defense Lawyers. To access that data, he believes police need a warrant, and he said the state Attorney General’s position on the matter is worrisome.

I think everyone should be concerned about this approach the government wants to adopt that they can search anyone without any judicial oversight,” he said. “We need a bright line rule that requires a warrant.”…

Read more here

FCC Proposal Targets SIM Swapping, Port-Out Fraud

October 6, 2021/in News /by Tom Bruce

Fri. Oct. 1, 2021 | By Brian Krebs – Krebs|

The U.S. Federal Communications Commission (FCC) is asking for feedback on new proposed rules to crack down on SIM swapping and number port-out fraud, increasingly prevalent scams in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s online identity.

In a long-overdue notice issued Sept. 30, the FCC said it plans to move quickly on requiring the mobile companies to adopt more secure methods of authenticating customers before redirecting their phone number to a new device or carrier.

“We have received numerous complaints from consumers who have suffered significant distress, inconvenience, and financial harm as a result of SIM swapping and port-out fraud,” the FCC wrote. “Because of the serious harms associated with SIM swap fraud, we believe that a speedy implementation is appropriate.”

The FCC said the proposal was in response to a flood of complaints to the agency and the U.S. Federal Trade Commission (FTC) about fraudulent SIM swapping and number port-out fraud. SIM swapping happens when the fraudsters trick or bribe an employee at a mobile phone store into transferring control of a target’s phone number to a device they control.

From there, the attackers can reset the password for almost any online account tied to that mobile number, because most online services still allow people to reset their passwords simply by clicking a link sent via SMS to the phone number on file.

Scammers commit number port-out fraud by posing as the target and requesting that their number be transferred to a different mobile provider (and to a device the attackers control).

The FCC said the carriers have traditionally sought to address both forms of phone number fraud by requiring static data about the customer that is no longer secret and has been exposed in a variety of places already — such as date of birth and Social Security number. By way of example, the commission pointed to the recent breach at T-Mobile that exposed this data on 40 million current, past and prospective customers.

What’s more, victims of SIM swapping and number port-out fraud are often the last to know about their victimization. The FCC said it plans to prohibit wireless carriers from allowing a SIM swap unless the carrier uses a secure method of authenticating its customer. Specifically, the commission proposes that carriers be required to verify a “pre-established password” with customers before making any changes to their accounts.

According to the FCC, several examples of pre-established passwords include:

-a one-time passcode sent via text message to the account phone number or a pre-registered backup number
-a one-time passcode sent via email to the email address associated with the account
-a passcode sent using a voice call to the account phone number or pre-registered back-up telephone number.

The commission said it was also considering updating its rules to require wireless carriers to develop procedures for responding to failed authentication attempts and to notify customers immediately of any requests for SIM changes.

Additionally, the FCC said it may impose additional customer service, training, and transparency requirements for the carriers, noting that too many customer service personnel at the wireless carriers lack training on how to assist customers who’ve had their phone numbers stolen.

The FCC said some of the consumer complaints it has received “describe wireless carrier customer service representatives and store employees who do not know how to address instances of fraudulent SIM swaps or port-outs, resulting in customers spending many hours on the phone and at retail stores trying to get resolution. Other consumers complain that their wireless carriers have refused to provide them with documentation related to the fraudulent SIM swaps, making it difficult for them to pursue claims with their financial institutions or law enforcement.”…

Read more here

There’s a multibillion-dollar market for your phone’s location data

October 2, 2021/in News /by Tom Bruce

Sat. Oct. 2, 2021 | By Jon Keegan and Alfred Ng – tnw |

A huge but little-known industry has cropped up around monetizing people’s movements

Companies that you likely have never heard of are hawking access to the location history on your mobile phone. An estimated $12 billion market, the location data industry has many players: collectors, aggregators, marketplaces, and location intelligence firms, all of which boast about the scale and precision of the data that they’ve amassed.

Location firm Near describes itself as “The World’s Largest Dataset of People’s Behavior in the Real-World,” with data representing “1.6B people across 44 countries.” Mobilewalla boasts “40+ Countries, 1.9B+ Devices, 50B Mobile Signals Daily, 5+ Years of Data.” X-Mode’s website claims its data covers “25%+ of the Adult U.S. population monthly.”

In an effort to shed light on this little-monitored industry, The Markup has identified 47 companies that harvest, sell, or trade in mobile phone location data. While hardly comprehensive, the list begins to paint a picture of the interconnected players that do everything from providing code to app developers to monetize user data to offering analytics from “1.9 billion devices” and access to datasets on hundreds of millions of people. Six companies claimed more than a billion devices in their data, and at least four claimed their data was the “most accurate” in the industry.

“There isn’t a lot of transparency and there is a really, really complex shadowy web of interactions between these companies that’s hard to untangle,” Justin Sherman, a cyber policy fellow at the Duke Tech Policy Lab, said. “They operate on the fact that the general public and people in Washington and other regulatory centers aren’t paying attention to what they’re doing.”

Occasionally, stories illuminate just how invasive this industry can be. In 2020, Motherboard reported that X-Mode, a company that collects location data through apps, was collecting data from Muslim prayer apps and selling it to military contractors. The Wall Street Journal also reported in 2020 that Venntel, a location data provider, was selling location data to federal agencies for immigration enforcement.

A Catholic news outlet also used location data from a data vendor to out a priest who had frequented gay bars, though it’s still unknown what company sold that information.

Many firms promise that privacy is at the center of their businesses and that they’re careful to never sell information that can be traced back to a person. But researchers studying anonymized location data have shown just how misleading that claim can be.

The truth is, it’s hard to know all the ways in which your movements are being tracked and traded. Companies often reveal little about what apps serve as the sources of data they collect, what exactly that data consists of, and how far it travels. To piece together a picture of the ecosystem, The Markup reviewed the websites and marketing language of each of the 47 companies we identified as operating in the location data industry, as well as any information they revealed about how the data got to them. (See our methodology here.)

How the data leaves your phone

Most times, the location data pipeline starts off in your hands, when an app sends a notification asking for permission to access your location data.

Apps have all kinds of reasons for using your location. Map apps need to know where you are in order to give you directions to where you’re going. A weather, waves, or wind app checks your location to give you relevant meteorological information. A video streaming app checks where you are to ensure you’re in a country where it’s licensed to stream certain shows.

But unbeknownst to most users, some of those apps sell or share location data about their users with companies that analyze the data and sell their insights, like Advan Research. Other companies, like Adsquare, buy or obtain location data from apps for the purpose of aggregating it with other data sources. Companies like real estate firms, hedge funds and retail businesses might then turn and use the data for their own advertising, analytics, investment strategy, or marketing purposes.

Serge Egelman, a researcher at UC Berkeley’s International Computer Science Institute and CTO of AppCensus, who has researched sensitive data permissions on mobile apps, said it’s hard to tell which apps on your phone simply use the data for their own functional purposes and which ones release your data into the economic ether.

“When the app asks for location, in the moment, because maybe you click the button to find stuff near you and you get a permission dialog, you might reasonably infer that ‘Oh, that’s to service that request to provide that functionality,’ but there’s no guarantee of that,” Egelman said. “And there’s certainly usually never a disclosure that says that the data is going to be limited to that purpose.”

Companies that trade in this data are reluctant to share which apps they get data from.

The Markup asked spokespeople from all the companies on our list where they get the location data they obtain…

Read more here