Security News: Phone Networks Compromised by Spies, macOS Infostealers on the Rise, and More

Here, find your monthly briefing on the latest hacks, scams, news, Apple security patches—and what you can do about it.

In this roundup:

Hacks, Scams, Trouble + What to Do

Are Your Phone Calls Accessible to Chinese Spies? What to Know About Their Comprehensive Hack of US Cell Carriers

Chinese government hackers have compromised a wide swath of phone companies in the US and elsewhere, and accessed vast troves of private information through the cell networks. The chair of the US Senate Intelligence Committee told the Washington Post it is the “worst telecom hack in our nation’s history — by far.”


It’s a bad look for telecoms, including (allegedly) Verizon, AT&T, T-Mobile, Lumen, and others. But there are steps you can take to protect your own communications.

The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI made the announcement in mid-November: Chinese government spies are deep inside US phone networks. Since then, the hack has received a lot of media attention. The hackers, dubbed Salt Typhoon, have accessed call records showing who called whom and for how long. They have intercepted text messages and may be in a position to intercept more. They’ve also accessed some audio of calls between particularly high-value targets, including members of both US presidential campaigns. They have accessed the system that US law enforcement uses to request a digital wiretap on a specific target’s communications. The spies probably did not have full access to that wiretap system, but they could see when a request was made and who it targeted. The spies have not been evicted from the telco networks, which means their activities are ongoing.

According to the Washington Post, government officials have characterized the hack as espionage—that is, these are spies looking for information of value to the government of China, as opposed to criminals or saboteurs. That may be the saving grace for those of us who are of little interest to the Chinese government, though it is no consolation to those that government views as dissidents. Either way, it’s worth taking extra steps to protect your own communications.

For years, compromising telecom company networks in order to intercept text messages and the like has been fairly workaday for spies and criminals alike. Telecom networks are vast and will always have outdated computers lurking in obscure data centers, physically vulnerable routing nodes, and other weaknesses. They’re also a tantalizing target for government spooks gathering intelligence on foreign adversaries. This is why, for years, advocates like myself have harped on about using end-to-end encrypted communications such as iMessage and Signal.

The Bottom Line: Communications apps that use end-to-end encryption correctly will protect the content of your messages and calls from anyone lurking in the wires (the carrier can still see who you contacted and when). If you use iMessage, then your texts to other iMessage users are already encrypted end-to-end. However, this won’t protect your conversations with Android users, and the Messages app doesn’t reliably stick to sending iMessages: when iMessage is unavailable it silently falls back to SMS or RCS, neither of which is end-to-end encrypted in Apple’s implementation. For guaranteed secure communication, we recommend the Signal app. But since both parties in a conversation must use the same end-to-end encrypted app, its usefulness depends on how many of your contacts are willing to use it. The already widely adopted WhatsApp is also a good option: it encrypts message content end-to-end using the same Signal Protocol, though it collects far more metadata about you than Signal does.

Latte Unusually Slow? This Hack Might Be Why

Blue Yonder, an Arizona-based provider of cloud-hosted supply chain and workforce management software, has been hit by a ransomware attack that is currently affecting companies worldwide, including Ford, Starbucks, Albertsons, Kroger, and others.

As a result of the hack, Starbucks has had to manually work out payments to its employees, as the company relies on software from Blue Yonder to manage baristas’ schedules. According to CNN, Starbucks is committed to ensuring that all of its employees are paid for all hours worked during the outage.

In addition, many companies are experiencing supply chain disruptions, since they rely on software managed by Blue Yonder. CNN states that Blue Yonder itself has hired CrowdStrike (who you might remember from a few months ago as the cybersecurity firm whose faulty update caused a major outage) to help it recover from this attack. The company is also working closely with its customers to minimize the impact.

According to Cybersecurity Dive, a ransomware group called Termite has claimed responsibility for the attack. Termite also claims to possess 680 GB of Blue Yonder data, which it threatens to use for further attacks.

The Bottom Line: When it comes to ransomware attacks like this, there isn’t much you can do, personally, as you are likely not the target of the attack (unless you happen to work for one of the affected companies). As usual, stay alert for suspicious emails, texts, or phone calls.

Warning: macOS Infostealers on the Rise

Elastic Security wrote up a deep dive into Banshee, a new and powerful piece of malware designed to steal passwords and cryptocurrency from Mac computers. macOS is facing increased attention from hackers who create infostealer malware, probably because cryptocurrency traders tend to prefer Macs (for their reputation for better security). However, Banshee got wrecked in a completely unexpected way, and that is both good news and bad news.

Like any good infostealer, once it’s installed on a Mac, Banshee would quickly yoink all the passwords stored in web browsers, extract cryptocurrency from wallets, and rifle through browser extensions looking for anything of value. However, unknown hackers leaked the full source code for Banshee. When the source code for a piece of malware becomes available, antivirus software can quickly learn how to detect it, rendering it much less effective, but other hackers can also learn its tricks and build on them. The leak means that whoever was making Banshee can’t get away with selling it anymore (that’s good!), but it also means that more Banshee-like software is likely to spring up in the near future (that’s bad).

The Bottom Line: As Mac-focused infostealers become more common, it’s a good idea to employ a malware scanner on your Mac. We typically recommend Malwarebytes, but there are many good malware scanners on the market. This is part of a “defense in depth” strategy, where no single barrier is trusted to defend your devices and your data on its own. Instead, you want to take every reasonable measure to prevent malware from getting installed on your device (with ad blockers and privacy-preserving web browsers), to detect it if it is installed (with malware scanners), and to limit the damage it could inflict (with a robust password manager rather than the password store built into your web browser, since browser password stores are exactly what infostealers like Banshee raid first).

This Should Be on Your Radar

Play Pokemon Go? You May Have Helped Train the Robot Assassins of the Future

The company behind Pokemon Go has used player location data to train an AI for autonomous navigation, and they’re selling it to whoever’s buying, including the military. Side note: we hope this is the weirdest headline we ever write.

HarperCollins Allows Authors to Opt In to Using Their Works to Train AI

The publisher offered authors a flat fee of $2500 for the right to train AI on their works. It’s nice that they asked first.

Mozilla Removes “Do Not Track” Feature from Firefox

The Do Not Track setting essentially has the browser ask websites to not track your activity, but many websites do not honor it. Mozilla is removing the setting.

Apps Selling Your Private Location Data Potentially Reined in by the FTC

A proposed FTC order would ban Gravy Analytics Inc. and its subsidiary Venntel Inc. from collecting or selling user location data related to healthcare facilities and other sensitive locations. Venntel is reportedly the data broker behind the data set that powers the Locate X tool, which we covered last month. Other data brokers are still gathering and selling your location data, including ones designed specifically to let law enforcement see who is visiting which doctors.

AI “Granny” Designed to Waste Scammers’ Time

The AI-driven character will answer calls from suspected scammers and attempt to keep them on the line as long as possible with tech bumbling.

Stolen Credit Card Marketplace is Shut Down by the Feds

PopeyeTools, an online marketplace to buy stolen credit card information, is no more. Read more at The Record from Recorded Future.

Ever Fall for a Phishing Message? Here’s Why They Can Be So Hard to Spot 

As in every job, criminal scammers are only as good as their tools. One of their most important tools is the software that helps them phish effectively: setting up fake websites to collect credentials, sending matching text messages to lure victims to those traps, and so on. Phishing software can get pretty complex, but most scammers aren’t programmers. So they buy or rent “phishing kits” to get all the tools they need. Trustwave has published a two-part blog series on phishing kits, exploring how they work and what they’re capable of.

Security Fail of the Month

Alleged Snowflake Hacker Caught… Because He Threatened the Wrong Lady

Back in July you might remember a series of high-profile data thefts from Ticketmaster, AT&T, Advance Auto Parts, LendingTree, and others, all carried out by compromising those companies’ accounts with the data warehousing service Snowflake. The hacker allegedly responsible for those breaches (who went by the online handle “waifu”) launched a series of public threats against Allison Nixon, chief research officer at a cybersecurity firm specializing in unmasking cybercriminals. At the time, her firm was not researching his case, but that changed. Now he’s behind bars. On her social media, Allison Nixon acknowledged this victory with a post that just said: “Who wants to be next?”

Security Updates from Apple

Everything you need to know about Apple’s latest software updates.

Major Feature Update with iOS 18.2

  • The most recent iOS and iPadOS is 18.2
  • The most recent macOS is 15.2
  • The most recent tvOS is 18.2
  • The most recent watchOS is 11.2
  • The most recent visionOS is 2.2

iOS 18.2 was released on December 11th with the next round of Apple Intelligence features and a bunch more besides. Here’s some of what was added with iOS 18.2:

  • Image Playground, the generative AI image creation app
  • Genmoji, the ability to create a unique emoji from a text prompt
  • ChatGPT integration with Siri
  • Upgrades to Writing Tools
  • A redesigned Mail app
  • A new section in the Settings app for selecting default apps to open different kinds of content
  • Some improvements to how the iPhone 16 series Camera Control button works
  • Share Item Location, which lets you share a lost AirTag’s location with airlines and other third parties
  • New setting to always show the volume slider on the lock screen audio widget
  • Layer audio tracks in the Voice Memos app

Many of these features are shared across Mac and iPad devices with iterations of their own operating systems.

Mission Statement

There is far too much security and privacy news to cover it all. When building this newsletter, we look for scams, hacks, trouble, and news to illustrate the kinds of problems Apple enthusiasts may encounter in our private lives, and the self defense we can practice to keep our devices, accounts, and lives secure. Our commentary focuses on practical advice for everyday people. This newsletter was written by Cullen Thomas and Rhett Intriago and edited by Sarah Kingsbury.

Next Steps:

For a rundown on our top security tips, watch our free intro class on cybersecurity for Apple enthusiasts or check out our free one hour cybersecurity awareness month training.


Author Details

Cullen Thomas

Cullen Thomas is a senior instructor at iPhone Life. For ten years as faculty at Maharishi University, Cullen taught subjects ranging from camera and audio hardware to game design. Cullen applies a passion for gadgetry to answer questions about iPhones, iPads, Macs, and Apple cloud services; to teach live classes; and to specialize in the privacy and security aspects of the Apple ecosystem. Cullen has dual degrees in Media & Communications and Literature, and a Masters degree from the David Lynch Graduate School of Cinematic Arts.

Offline, Cullen designs videogames with Thought Spike Games, writes fiction, and studies new nerdery.

Mastodon: @CullenWritesTech@infosec.exchange

Email: cullen@iphonelife.com

Signal: +1-512-814-5526