A man made millions unlocking T-Mobile phones with stolen passwords

A jury has found Argishti Khudaverdyan, a former owner of a T-Mobile store, guilty of using stolen credentials to unlock “hundreds of thousands of cellphones” from August 2014 to June 2019 (via PCMag). According to a press release from the Department of Justice and an indictment filed earlier this year, Khudaverdyan made around $25 million from the scheme, which also involved bypassing carrier blocks put on lost or stolen cell phones.

For years, he reportedly used several tactics to acquire the T-Mobile employee credentials needed to unlock phones, including phishing, social engineering, and even getting the carrier’s IT department to reset higher-ups’ passwords, giving him access. The DOJ says he accessed over 50 employees’ credentials, and used them to unlock phones from “Sprint, AT&T and other carriers.”

According to the indictment, Khudaverdyan was able to access T-Mobile’s unlocking tools over the open internet until 2017. After the carrier moved them onto its internal network, Khudaverdyan would allegedly use stolen credentials to access that network via Wi-Fi at T-Mobile stores.

The DOJ says that Khudaverdyan co-owned a T-Mobile store called Top Tier Solutions Inc for a few months in 2017, though the carrier ended up terminating the store’s contract because of suspicious behavior. (The other co-owner, Alen Gharehbagloo, was also accused of fraud and illegally accessing computer systems and has pleaded guilty.) Throughout the years, the DOJ says that Khudaverdyan marketed his unlocking services via email, brokers, and various websites, telling customers that they were official T-Mobile unlocks.

Khudaverdyan’s indictment describes a few of the purchases he and Gharehbagloo made with the money they got from unlocking phones: properties in California, a $32,000 Audemars Piguet Royal Oak watch, and a Land Rover. Gharehbagloo and Khudaverdyan are accused of leasing a Mercedes-Benz S 63 AMG and a Ferrari 458, respectively. A Rolex Sky-Dweller was also seized from one of the properties.

Khudaverdyan isn’t the only person who’s gotten in trouble with the law for unlocking devices, or otherwise skirting around manufacturer-imposed limits. Last year, a man named Muhammad Fahd was sentenced to 12 years in prison for unlocking around 2 million AT&T phones, and a man named Gary Bowser was recently sent to prison (and charged a $10 million fine) for his role in a company that sold mods for the Nintendo Switch.

In some ways, these types of crimes are sympathetic — it’s hard to feel bad for companies losing out on revenue that they would’ve earned by restricting what customers can do with their devices. I’m not going to be shedding tears because the DOJ says that Khudaverdyan’s unlocks “enabled T-Mobile customers to stop using T-Mobile’s services and thereby deprive T-Mobile of revenue generated from customers’ service contracts and equipment installment plans.”

Of course, the fact that such unlocks are illegal means that it’s difficult to run an unlock scheme without getting your hands dirty. Defrauding T-Mobile employees for their credentials isn’t great, nor is potentially unlocking phones for thieves who want to sell them on the black market. But it’d be hard for people like Khudaverdyan or Fahd to build lucrative and shady businesses doing this kind of thing if carriers made it far easier for customers to do it themselves.

Khudaverdyan is facing at least two years in prison for aggravated identity theft, and up to 165 years for the counts related to wire fraud, money laundering, and accessing a computer without authorization. A sentencing hearing is scheduled for October 17th.


Apple releases iOS 14.7.1 to fix Apple Watch unlocking and a zero-day exploit

Last week iOS 14.7 appeared, adding features including support for Apple’s magnetic battery pack. Unfortunately, the update also interrupted the “Unlock with iPhone” feature that Apple Watch wearers used for easy access to their wristwear. Now, another update is going out to fix that.

However, even if you don’t have an Apple Watch, you should still install iOS 14.7.1 (and for Mac owners, macOS 11.5.1) as soon as you can, because security notes from Apple reveal that the two updates it pushed today fix flaws that are already being exploited in the wild. The memory corruption issues in Apple’s desktop and mobile operating systems have been assigned the same vulnerability ID and attributed to an anonymous researcher.

IOMobileFrameBuffer

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Available for: macOS Big Sur

Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30807: an anonymous researcher

According to Security Week, this is the 13th zero-day vulnerability Apple has fixed this year.


4 ways AI is unlocking the mysteries of the universe

Astronomy is all about data. The universe is getting bigger and so too is the amount of information we have about it. But some of the biggest challenges of the next generation of astronomy lie in just how we’re going to study all the data we’re collecting.

To take on these challenges, astronomers are turning to machine learning and artificial intelligence (AI) to build new tools to rapidly search for the next big breakthroughs. Here are four ways AI is helping astronomers.

1. Planet hunting

There are a few ways to find a planet, but the most successful has been by studying transits. When an exoplanet passes in front of its parent star, it blocks some of the light we can see.

By observing many orbits of an exoplanet, astronomers build a picture of the dips in the light, which they can use to identify the planet’s properties – such as its mass, size and distance from its star. Nasa’s Kepler space telescope employed this technique to great success by watching thousands of stars at once, keeping an eye out for the telltale dips caused by planets.