Search This Blog

Showing posts with label Mobile Security. Show all posts

Researchers Found Android Apps on Google Play that Steal Personal Data of Victims and Pose Other Threats



Security researchers identified seven new malicious apps present on Google Play Store that infect devices with adware and malware while laying open the system's backdoor access which ensures a smooth installation of any new functionality that comes along with the application. Other threats include battery drainage and excessive consumption of mobile data.

In recent times, with the mobile malware penetrating its roots in the cyber world, there have been a number of new discoveries from security researchers where they warn of malicious android apps that request sketchy permissions and contain malware. Android platform's openness, flexibility, and excess control are the key factors which make it all the more attractive to the users and likewise, cybercriminals. As a downside, it also provides a more vulnerable space for criminals to exploit by posting adware infected apps to serve marketing interests and steal sensitive user data. These apps can take different forms and mostly, share a similar code structure which indicates a direct link between the developers.

These malicious apps are configured to download and consequently install APKs from a GitHub repository, hence attackers are handling the GitHub communication very sophisticatedly, as a part of which they effectively wait to bypass detection by security officers and malware detection agencies.

Attackers have embedded a GitHub URL within the malicious app code which sets the basis for evading Google Play protect scan. However, while security researchers somehow managed to unearth the configuration data of the malicious apps and related URLs, they were directed to Adware APK which is triggered right after the installation of the infected app. The APK halts for a timeframe of 10 minutes after being triggered to execute the malicious motives.

Here, the aforementioned malicious apps have been posted by three different developers as listed below:

iSoft LLC (Developer) – Alarm Clock, Calculator, Free Magnifying Glass
PumpApp (Developer) – Magnifying Glass, Super Bright LED Flashlight
LizotMitis (Developer) – Magnifier, Magnifying Glass with Flashlight, Super-bright Flashlight

As a security measure for the continuously expanding mobile malware, Google tied up with various mobile security companies that would assist them in detecting bad apps before they hit a download mark over million. Users who have already installed these dropper apps are recommended to uninstall them manually.

Food blogger Jack Monroe lost 5000 Euros in phone number theft



"I lost 5000 Euros when my phone number was hacked and re-used on another sim card," says Jack Monroe. The culprits then successfully received her two-time verification information and obtained her bank and cash records."I was already concerned about the safety and had several steps in check," said Jack in a tweet. The industry was not able to address the "sim-jacking," says a privacy campaigner. The blogger expressed her anger in a tweet when she was told, 'although she would get her mobile number back in no time, the amount stolen will take time to refund.' "The cash taken has cost me very much - I'm a self-engaged freelancer and I have to work for every cent that I make," she tweeted.

The food writer is recognized for her cost-effective recipes and her support for campaigns against poverty. Sim-jacking, or Sim-swapping, is when culprits switch a mobile number with another Sim and use it as their own. This is done by criminals pretending as a consumer who wants to shift to a separate mobile service provider but doesn't want to change the phone number.

While personal information is required before requesting a sim transfer, the information is sometimes already available on the internet. - In this case, Ms. Monroe's date of birth, for instance, was retrieved from the internet. In other cases, the shop keepers or sim providers are often tipped for sim-jacking.

The first sign of sim hijacking for the victim is when their phone stops functioning. "The cases of sim-swapping in England are rare but there have been instances in other parts of the world. The industry is unable to combat the problem of sim-jacking," said Pat Walshe, Director, Privacy Matters, to BBC. The task of sim swapping is not common but one can do it easily if they want to, says Pat.

If ever caught in sim-jacking, the victims should always report the incident to their mobile operator or the ICO (Information Commissioner's Office). "The case should now push the ICO to inquire whether mobile operators and shop owners are actively following the protocol to protect services and data under telecommunication privacy laws," said Pat. The Global System for Mobile Communications, commonly known as 'GSMA' has made an alternative mobile identification verifier known as Mobile Connect. The ICO has been contacted by BBC, regarding the data theft problems.

Telecom Major Airtel Exposes a Major SIM-Swapping Racket


Telecom major Airtel exposes a major SIM-swapping racket that could hijack users' premium numbers and enable the hackers to commit online banking fraud via fake Aadhaar cards.

The complaint filed by Stanely Agenlo, head of facilities, Bharti Airtel, on September 19 reads, ""It has come to Airtel's notice that the Point of Sale have (sic) involved in fraudulent SIM swap of the mobile numbers by forging Proof of Address/Proof of Identity documents of the original customers..."

18 mobile numbers were identified by Airtel in a complaint to the Cyber Crime Police, CID, Bengaluru, where SIM cards were swapped by its retail agents utilizing the 'forged' Aadhaar papers from January 1 to September 19 this year.

The sham was exposed when customers called Airtel helplines saying their numbers had ceased to working all of a sudden and their SIM cards referred to be related to certain 'fancy' numbers ending with digits like 12345, 77777, 33333 and 00000.

“It is suspected these SIM cards might have been used for committing online bank fraud. Further, an internal inquiry by Bharati Airtel disclosed that there is a deep-rooted nexus between the POS retailers and impersonators. The agents committed the above act from January 1to till date,” said Airtel's complaint.

While CID has registered a FIR under the Information Technology Act, 2008 and has already identified a couple of the accused, their sources state that: “We learnt the accused provided SIM cards to customers from other states. But we are not sure of the reason behind the offence; it could be online fraud or just a fancy number racket. But looking at the scale of the fraud, it is unlikely to be limited to fancy numbers alone.”

Police, nonetheless, states that the scam may include thousands of numbers where duplicate SIM cards were procured by adapting to forged identities and address-proof documents, a device progressively being utilized by fraudsters and hackers alike.

When approached for a comment Airtel declined to react on the progress made.

Criticism against Google Play Store on the Rise about Malware-Laced Apps




Google Play Store has come in for a serious criticism as of late, with various alerts about malware-laced apps which have frequently been on the store for quite a long time, or even years, and which have been installed by a huge number of users.

This most recent cautioning concerns four VPNs and two selfie apps, with in excess of 500 million installs between them, all of which contain harmful adware and which look for hazardous system permissions that can exact serious harm.

Regardless of significant efforts to clean house the issue stays pervasive and users stay in danger.

Google Play Protect is therefore one storefront intended to make preparations against application vulnerabilities and, in 2018, Google “detected and removed malicious developers faster, and stopped more malicious apps from entering the Google Play Store than ever before. The number of rejected app submissions increased by more than 55%, and we increased app suspensions by more than 66%."
However, once more the warnings still remain that dangerous applications are as yet accessible for install on Google's official store.

First was a notice from security researcher Andy Michael around four Android VPNs that are 'bombarding devices' with false ads—creating income for their operators to the detriment of the organizations setting the advertisements.

Second, was a notice from security researchers at Wandera that two camera filter apps with more than 1.5 million installs between them have been tainting devices with adware.

In any case Google's Android (and Apple's iOS) is making it progressively simple for users to track permissions granted and application misuse now and every user has been informed to take advantage of every one of the protections set up, clicking with caution and keeping their smartphones protected from the would-be-intruders to every extent they can.

This is all in light of the fact that the clever malware attacks still exist out there—and they can be very difficult to detect.

Google about to Roll Out One of the Most Awaited Features



In 2018, Google broke headlines for tracking its users location even after they disabled the sharing of location history via their privacy settings.

There were complaints against the company, stating, "Google represented that a user ‘can turn off Location History at any time. With Location History off, the places you go are no longer stored.’ This simply was not true."

In the wake of receiving intense criticism over location history, Google came up with necessary adjustments which now allow users to stop the tech giant from tracking them, except for the applications in which location data is of utmost importance such as Waze and Google Maps.

In an attempt to make Google Maps even more secure and trustworthy, the company added enhanced security features related to location privacy in Android 10; to further better the services and regain the lost user trust, Google is planning to add Incognito Mode to Google Maps and the feature is said to be in testing.

Users can always put restrictions on the location data collected by Google Maps by signing out of their Google account, but it will come at the cost of their convenience, therefore, Google is planning to introduce Incognito Mode which can be turned on by the users in the same way they do it for Youtube or Google Chrome to delink the search or navigation data from their main Google account.

In order to activate Incognito Mode, users can simply choose the option from their Google account avatar and they will be informed about the app being in incognito mode by a black status bar and the marker indicating the location will turn into dark from blue to mark the change.

To enable the feature, users are recommended to install Preview Maps version 10.26 or higher and for those who are not a part of Preview Maps test group, wait until the company releases it on a wider scale.


Hackers Exploiting a Critical Weakness in Mobile Phones to Track Location



The interface designed for the usage of cell carriers is being exploited heavily by attackers. It allows the cell carriers to get in direct touch with the SIM cards inside subscribers' smartphones, the interface can be employed by the carriers for allowing subscribers to make use of the data stored on their SIM card to provide account balances along with other specialized services.

Hackers can secretly track the location of subscribers by exploiting the interface and giving commands to acquire the IMEI identification code of device; the Simjacker exploit further allows them to carry out actions such as making calls or sending messages.

According to the researchers at AdaptiveMobile Security, the working of the Simjacker exploit is not limited to a few devices, rather, it can be carried out on a wide range of mobile phones, irrespective of their software or hardware.

Unfolding the various aspects of the attack, Dan Guido, a mobile security expert and the CEO of security firm Trail of Bits told Ars, “This attack is platform-agnostic, affects nearly every phone, and there is little anyone except your cell carrier can do about it.”

While commenting on the issue, Karsten Nohl, the chief scientist at SRLabs, told Ars, “We could trigger the attack only on SIM cards with weak or non-existent signature algorithms, which happened to be many SIM cards at the time,”

 “AdaptiveMobile seems to have found a way in which the same attack works even if signatures are properly checked, which is a big step forward in attack research.” He added.

iPhone hacking sites were also after Android, Windows users


Those hackers Google’s researchers sussed out earlier this week apparently went after more than just iPhone users. Microsoft’s operating system along with Google’s own were also targeted, according to Forbes, in what some reports are calling a possibly state-backed effort to spy on the Uighur ethnic group in China.

Google’s Threat Analysis Group was the first to discover the scheme earlier this year (news of the campaign was first disclosed Thursday). It involved a small group of websites aiming to infect visitors’ devices to gain access to their private information, including live location data and encrypted information on apps like on WhatsApp, iMessage, and Telegram. These websites were up for two years, during which thousands of visitors purportedly accessed them each week.

In February, Google notified Apple of 14 vulnerabilities the site’s malware exploited, which the company fixed within days with iOS 12.1.4. Apple disclosed in that update that the flaws, referred to as “memory corruption” issues, were fixed with “improved input validation.” The company hasn’t publicly addressed Google’s account of the hack since the news broke earlier this week.

While the Google team only reported iPhone users being targeted by this attack, sources familiar with the matter told Forbes that devices using Google and Microsoft operating systems were also targeted by these same sites. Thus widening the potential scale of an already unprecedented attack.

Whether Google found or shared evidence of this is unclear, as is whether the attackers used the same method of attack as they did with iPhone users, which involved attempting to sneak malicious code onto users’ phones upon their visit to the infected websites. When asked about these reported developments, a Google spokesperson said the company had no new information to disclose. We also reached out to Microsoft and will update this article with their statements.

Sensors existing in smartphones themselves present a gateway to hackers.

According to a study led by an Indian-origin scientist Shivam Bhasin, NTU Senior Research, data from your smartphone sensors can reveal PINs and passwords to hackers and allow them to unlock your mobile devices. Researchers from Nanyang Technological University (NTU) in Singapore used sensors in a smart phone to model which number had been pressed by its users, based on how the phone was tilted and how much light is blocked by the thumb or fingers.

Instruments in smart phones such as the gyroscope and proximity sensors represent potential security vulnerability, said researchers.

Utilizing machine learning calculations  and algorithms and a combination of data gathered from six different sensors found in smartphones, the researchers accomplished in unlocking Android smart phones with 99.5 per cent precision in just three tries, while tackling a phone that had one of the 50 most basic and common PIN numbers.

The team of specialists took Android phones and installed a custom application which gathered information from six sensors: accelerometer, gyroscope, magnetometer, proximity sensor, barometer, and ambient light sensor.

"When you hold your phone and key in the PIN, the way the phone moves when you press 1, 5, or 9, is very different. Likewise, pressing 1 with your right thumb will block more light than if you pressed 9," said Bhasin.

Albeit every individual enters the security PIN on their phone in a different way, the researchers demonstrated that as information from more individuals is fed to the algorithm after some time, the success rates improved.

So while a vindictive application will most likely be unable to effectively figure a PIN  instantly after installation, but by using machine learning, it could gather information from a huge number of users over time from each of their phones to take in their PIN entry pattern and then dispatch an attack later when the success rate is substantially higher.

The study demonstrates how gadgets with apparently strong security can be attacked using a side-channel, as sensor information could be redirected by vindictive applications to keep an eye on the user behaviour and help to access the PIN  and password data, said Professor Gan Chee Lip from NTU.

To keep Mobile phones secure, Dr Bhasin encourages users to have PINs with more than four digits, combined with other validation techniques like one-time passwords, two-factor confirmations, and unique finger impression or facial recognition.

Be careful with whom you share your Jio Hotspot!

If you are sharing your Jio internet with others via mobile hotspot, you should know what is the risk that you are taking.  Our research shows that sharing your Jio with others puts your sensitive information in their hands.

The person who is using your Jio Internet can easily log into your Jio account. All they have to do is download the MyJio app and click "SIGN IN WITH SIM". 

Steps to replicate:
Step 1:
    You should have two phones - one with Jio Sim and another one with non-Jio SIM(make sure you have not installed Jio app in the second phone yet).

Step 2:
    Turn on Wi-Fi hotspot in the Jio phone and connect from your non-Jio phone

Step 3:
    Install Jio app from playstore and open.  When it is asking for authentication, click "SIGN IN WITH SIM". Now you will be able to access the Jio account from your non-Jio mobile.

View/Modify Details:
After logging in, it is possible to view sensitive information including name, date of birth, mobile number, alternate contact work, address, photo, usage details.  Also, some of the details can be edited.



Once you are logged in, the session is getting maintained even if you are disconnected from the Jio network.

Account lockout:
If you mistakenly log out from the Jio-phone when it is logged in the non-Jio phone, you won't be able to log in to your Jio app unless the other person logs out from the app.

If the victim has installed Jio Security app, it is possible for an attacker to track the current location or see the last location details.

Let's say that you are in public place and a stranger(attacker) asking for Internet connection to check his email.  If you share the Internet, it is enough for the attacker to steal your sensitive information.

The issue can be resolved by adding OTP Check when doing authentication.

We thank Suriya Prakash from Cyber Security & Privacy Foundation(CSPF) for helping us with this research.

Tapjacking in Android devices can lead to malware download

The functionality of overlaying multiple activities in Android API can be combined with handling of events to trick users into downloading malicious applications without the user's knowledge.

The authorization  « android.permission.SYSTEM_ALERT_WINDOW » existing since the first version of the developer API and affecting even the last version of the application « Google Play Store »  can be used to create alerts which always stays on the top e.g. low battery levels which are used in the systems. Now, this alert window can be not touchable.

This not touchable window can be programmed so that touch events are never transmitted to this window or touch events can be automatically transmitted to underlying activity. So, utilizing the android API functionality a different event window can be placed underneath this not touchable window.

Since the alert window can be utilized to communicate touch events to an underlying window, the attacker can place buttons and images at right locations for the victims to touch it. It would then be relayed to the window beneath which would cause a application to be downloaded without any intent of the user.

Increasingly as the users have become alert towards downloading apps which ask for control to contacts, texts or images, the challenge to the attackers lie in tricking the users to  download without even showing the app terms and policies. 

So,this "tapjacking" can be applied by attackers to lead users to download malicious apps. It can be conducted in games or any other kinds of applications. Though a theoretical security issue till now, technically, this method can be exploited to infect all kinds of Android devices, irrespective of the version. It has been tested on Nexus 4 under Android 4.3,Android 4.4 and Nexus 5 under Android 4.4 by NES security lab and a notification has been sent to the Android security team for its resolution.

Lookout Prediction says More mobile malware expected in 2012 : Malwarenomics

Lookout Mobile Security released "Malwarenomics: 2012 Mobile Malware Predictions" .  The report says mobile malware attack will be increased in 2012, more malware will masquerade as legit apps and leads to fake sites.

Money seems the most significant motivation behind the most egregious mobile malware Lookout studied:
When mobile malware producers are able to steadily increase profits from infections more than they pay to infect devices, the industry will grow rapidly. There are a number of trends seen in 2011 that we expect to carry over into 2012 (perhaps at a greater rate) that will drive down the cost of infection and drive up profitability.

From their 2011 research on mobile threats, the company identified some specific instances where consumers should use extra caution when downloading apps or clicking links on their phone:

  • Visiting third party app stores. Lookout found that malware writers often test malware in alternative app markets before trying to place it in the Android Market or App Store. When discovered, malware is usually pulled more quickly from these primary distributors than it is from alternative markets. The likelihood of you encountering malware on an alternative app store increases dramatically.
  • Downloading gaming, utility and porn applications. Be careful to check reviews on these apps before you download. We found that these types of apps are most likely to have malware hidden inside of them.
  • Clicking on a shortened URL (e.g. bitly link) in an SMS message or on a social networking site. Users are three times more likely to click on a phishing link on their mobile device than they are on their PC (Trusteer 2011). Because we expect malware writers to increase web-based distribution, it’s time to start using extra caution when clicking on links on our mobile phones.
  • An app asks you to click “OK”. Don’t “auto pilot” through the prompts an app shows you in order to perform a certain function or deliver a service. Sometimes these apps are greyware, which hide in fine print that they will charge you via premium rate text messages.
  • Clicking on in-app advertisements. Not all advertisements are bad. In fact, most are okay. But some are examples of malvertising and could direct you to a malicious website, prompt you to download malware, or violate your privacy. When clicking on ads, you need to make sure that the ad directs to where you expect to be directed.

Apple Exiles Charlie Miller( A Serial Hacker) for publishing iPhone exploit

 Apple exiles a Security Researcher Charlie Miller from its developer program.Apple just sent a clear message to malicious hackers and security researchers alike: Keep your hands off the App Store.

He has exposed lot of critical vulnerabilities in Apple's Mac and mobile platforms.  Recently, he has found a way to sneak a fully-evil app onto your phone or tablet, right under Apple’s nose.



At the SysCan conference in Taiwan next week, Miller plans to present a method that exploits a flaw in Apple’s restrictions on code signing on iOS devices, the security measure that allows only Apple-approved commands to run in an iPhone or iPad’s memory. Using his method–and Miller has already planted a sleeper app in Apple’s App Store to demonstrate the trick–an app can phone home to a remote computer that downloads new unapproved commands onto the device and executes them at will, including stealing the user’s photos, reading contacts, making the phone vibrate or play sounds, or otherwise repurposing normal iOS app functions for malicious ends.

“Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check,” says Miller. “With this bug, you can’t be assured of anything you download from the App Store behaving nicely.”

After few hours, Apple send an email that informed "This letter serves as notice of termination of the iOS Developer Program License Agreement…between you and Apple".

Video Demo of iPhone Bug:


In February, Apple invited security researchers to become part of its developer program to test its Lion operating system. Miller says he had already paid for his own developer license. “They went out of their way to let researchers in, and now they’re kicking me out for doing research,” Miller says. “I didn’t have to report this bug. Some bad guy could have found it instead and developed real malware.”

According to Forbes, the Miller’s application has now been removed from the App Store.

Free AVG Mobilation Application for Android ~ Anit Malware



Android becomes popular , at the same time  malware for Android mobiles started to increase rapidly.  In order to provide mobile security AVG released AVG Mobilation App for Android.  There are two versions available , Free and Pro.   They offer the full "pro" version with a value of around € 7

AVG Pro
"AVG Pro Mobilation" scans Android under individual applications, and media files for viruses. In addition, you can locate your cell phone using GPS on a Google Map. This is especially handy if you have lost your Android device, or it was even stolen. However, you must advance your device via e-mail address registered on the app

The security app also allows you to create backups in order to recover critical applications and data at any time. This service is still in beta phase. Next you delete with "AVG Pro Mobilation" individual tasks that reduce the speed of your mobile phone.

How safe are Mobilation AVG Pro
Exclusive to the Pro version of AVG Mobilation app you will also receive protection from virus-infected message. Also, you can block spam messages with the app.

The anti-virus feature is updated regularly, of course. New features in this version, however you will not be recorded via an update - unless you purchase "AVG Pro Mobilation" later bought.

AVG Anti-virus Free
"AVG Anti-Virus Free" Android scans under a single application, and media files for viruses. In addition, you can locate your cell phone using GPS on a Google Maps map. This is especially handy if you have lost your Android device, or it was even stolen.

The free app that allows to create backups in order to recover critical applications and data at any time. Next you delete with "AVG Anti-Virus Free 'individual tasks that reduce the speed of your mobile phone.

Get Free version from Here.

Ethical Hacker to Demonstrate 'Weak' Mobile Internet Security

BERLIN — A German computer engineer said Tuesday that he had deciphered the code used to encrypt most of the world’s mobile Internet traffic and that he planned to publish a guide to prompt global operators to improve their safeguards.

Karsten Nohl, who published the algorithms used by mobile operators to encrypt voice conversations on digital phone networks in 2009, said during an interview he planned to demonstrate how he had intercepted and read the data during a presentation Wednesday.

Mr. Nohl said he and a colleague, Luca Melette, intercepted and decrypted wireless data using an inexpensive, modified, 7-year-old Motorola cellphone and several free software applications. The two intercepted and decrypted data traffic in a five-kilometer, or 3.1-mile, radius, Mr. Nohl said.
The interceptor phone was used to test networks in Germany, Italy and other European countries that Mr. Nohl declined to identify. In Germany, Mr. Nohl said he was able to decrypt and read data transmissions on all four mobile networks — T-Mobile, O2 Germany, Vodafone and E-Plus. He described the level of encryption provided by operators as “weak.”

In Italy, Mr. Nohl said his interceptions revealed that two operators, TIM, the mobile unit of the market leader, Telecom Italia, and Wind did not encrypt their mobile data transmissions at all. A third, Vodafone Italia, provided weak encryption, he said.

A spokeswoman for the GSM Association, the industry group based in London that represents global telephone operators, said the group would await details of Mr. Nohl’s research before commenting. A spokesman for O2, which is owned by Telefónica of Spain, said the operator followed Mr. Nohl’s research closely and would take account his findings in its own operations.

Vodafone said in a statement that “We regularly review security measures and carry out risk assessments to prevent the kind of exploit described. We implement appropriate measures across our networks to protect our customers’ privacy.”

Mr. Nohl said he developed his interception technology on an internal broadband network he set up at his research firm, Security Research Labs, in Berlin. His tests focused on mobile data networks that ran on the General Packet Radio Service, or GPRS, technology, which is used widely across the globe.

GPRS networks were introduced in 2000 as successors to GSM digital networks and were the first mobile networks to deliver significant data besides short text messages. GPRS networks are still widely used as backups for newer, faster 3G wireless networks, and consumers are often diverted to GPRS grids when they reach the limits of their monthly data plans.

Rogers Communications, a Canadian operator, estimates that 90 percent of mobile data traffic still runs on GPRS networks.

Mr. Nohl said he was surprised to find that the two Italian operators, TIM and Wind, did not encrypt their data traffic at all. In a statement, TIM would not confirm Mr. Nohl’s claims.

“TIM confirms that it uses state-of-the-art radio mobile technologies from primary international vendors to guarantee the protection of its mobile communications,” it said.

Mr. Nohl, who said he works for mobile operators who hire him to detect vulnerabilities in their systems, said many operators continue to run unencrypted data networks because it allows them to more easily filter out competing, unwanted services like Skype, an Internet-based service that allows consumers to make voice and video calls without using the operators’ voice networks.

“One reason operators keep giving me for switching off encryption is, operators want to be able to monitor traffic, to detect and suppress Skype, or to filter viruses, in a decentralized fashion,” Mr. Nohl said. “With encryption switched on, the operator cannot ‘look into’ the traffic anymore while in transit to the central GPRS system.”

Mr. Nohl said he intended to release his instructions at a conference of the Chaos Computer Club, a computer hackers’ group, which is being held near Berlin in Finowfurt, Germany. They will describe how to convert a Motorola C-123 cellphone, which is designed to run open-source software, into an interception device. But he said he would not release the keys to unlock the encryption used by operators to secure GPRS networks.

Mr. Nohl said his research was intended to prod mobile operators to improve the security of the wireless Internet, which he said was rudimentary compared with the safeguards protecting data sent over conventional, fixed-line computer networks. He said he destroyed the data he had intercepted from networks in Europe, and did not condone eavesdropping, a crime in Europe.

“We are releasing the software needed to reprogram cheap Motorola phones to become GPRS interceptors,” Mr. Nohl said. “This exposes operators with no encryption, like those in Italy, to immediate risk.”

Mr. Nohl said the release of the information would give mobile operators “a few months” to improve security before other hackers recreated his results and attempted to breech security of the mobile broadband networks.

source: nytimes