Tuesday, January 22, 2019

Public Knowledge Gets On The FCC Case Regarding VoIP Privacy.

After reports surfaced that Voipo.com, a California based VOIP provider, exposed millions of consumer call logs and text messages stored on an “improperly secured” ElasticSearch database, perhaps for several months before security researcher Justin Paine located them. According to Mr. Paine, many of the files contained detailed customer call records, including time and date. As we reported earlier.

Public Knowledge demanding that FCC Chairman Pai to enforce existing Customer Proprietary Network Information (CPNI) rules that protect the privacy of information related to telephone calls. These CPNI rules protect consumers of both facility-based VOIP providers as well as to traditional telephone providers.

“Unfortunately, the general unwillingness of Chairman Pai to protect consumers’ privacy has led to increasing recklessness in the way telecommunications companies protect and treat our personal data. By now these companies know that there are almost no consequences for bad behavior. The FCC seems unwilling to act; Republicans in Congress have already limited the FCC’s privacy authority; and the Federal Trade Commission -- which is now the only agency with authority to investigate text messaging privacy since the FCC declared it an information service last month -- is nowhere to be seen in this space." said Harold Feld, Senior Vice President at Public Knowledge, “To counteract nearly two years of consistent ringing of the dinner bell for carriers to exploit our personal information, Chairman Pai must move immediately to make clear that the agency will enforce its rules and hold companies that fail to adequately protect call records accountable. Failure to do so will make it clear to carriers, Congress and consumers that the supposed ‘cop on the beat’ is asleep at the wheel."

VoIPo.com Leak, VoIP Service Provider Lets A Huge User Data Database Open Online

 
Change your password if you are a VoIPo customer. VoIP provider left open a data base of real production data, follow the link below to learn more.

A researcher has discovered an exposed database containing gigabytes of call logs, SMS data, and internal system credentials belonging to US Voice-over-IP (VoIP) service provider VOIPo.com.

The researcher trawled using Shodan for something left out in the open that shouldn’t have been and is amazed at what they find. The finder of this leak was Cloudflare’s Justin Paine, who on 8 January used this technique to spot an unsecured (i.e. not password protected) Elasticsearch server containing nearly 15 million documents.


This included what appear to be customer logs dating back to July 2018, and SMS/MMS logs (including time and message content) dating back to December 2015. A sample SMS published by Paine appears to be a marketing message. The extend of the leak and data could be found at this article.

Friday, January 18, 2019

Galaxy S10+ Prototype Noticed On A Bus In Korea.


Someone manged to capture someone using a Samsung Galaxy S10+ on a public transportation in South Korea. Later it was confirmed by an alleged Samsung employee, ActuallyWorkOnBixby.
According to /u/ActuallyWorkOnBixby, an alleged Samsung employee (who probably works on Bixby), the phone pictured is a Galaxy S10+ prototype being used by a worker on the bus to or from Samsung's Suwon campus in South Korea. This S10+ apparently has the security flip case on, though the security software that places a watermark with the employee and device ID on screen was disabled. He/she notes that the employee could get into a lot of trouble for removing the software.
Via androidPolice

Blog Widget by LinkWithin