text messaging

LTE flaws let hackers ‘easily’ spoof presidential alerts

Posted by | amber alert, Emergency Alert System, Government, hawaii, LTE, Mobile, mobile phones, president, Security, technology, telecommunications, text messaging, United States | No Comments

Security vulnerabilities in LTE can allow hackers to “easily” spoof presidential alerts sent to mobile phones in the event of a national emergency.

Using off-the-shelf equipment and open-source software, a working exploit made it possible to send a simulated alert to every phone in a 50,000-seat football stadium with little effort, with the potential of causing “cascades of panic,” said researchers at the University of Colorado Boulder in a paper out this week.

Their attack worked in nine out of 10 tests, they said.

Last year the Federal Emergency Management Agency sent out the first “presidential alert” test using the Wireless Emergency Alert (WEA) system. It was part of an effort to test the new state-of-the-art system to allow any president to send out a message to the bulk of the U.S. population in the event of a disaster or civil emergency.

But the system — which also sends out weather warnings and AMBER alerts — isn’t perfect. Last year amid tensions between the U.S. and North Korea, an erroneous alert warned residents of Hawaii of an inbound ballistic missile threat. The message mistakenly said the alert was “not a drill.”

Although no system is completely secure, many of the issues over the years have been as a result of human error. But the researchers said the LTE network used to transmit the broadcast message is the biggest weak spot.

Because the system uses LTE to send the message and not a traditional text message, each cell tower blasts out an alert on a specific channel to all devices in range. A false alert can be sent to every device in range if that channel is identified.

Making matters worse, there’s no way for devices to verify the authenticity of received alerts.

The researchers said fixing the vulnerabilities would “require a large collaborative effort between carriers, government stakeholders and cell phone manufacturers.” They added that adding digital signatures to each broadcast alert is not a “magic solution,” but would make it far more difficult to send spoofed messages.

A similar vulnerability in LTE was discovered last year, allowing researchers to not only send emergency alerts but also eavesdrop on a victim’s text messages and track their location.

Powered by WPeMatico

Developers can now verify mobile app users over WhatsApp instead of SMS

Posted by | Android, Apps, authentication, Facebook, iOS, Mobile, Security, SMS, Social, social media, social network, text messaging, verification, WhatsApp | No Comments

Facebook today released a new SDK that allows mobile app developers to integrate WhatsApp verification into Account Kit for iOS and Android. This will allow developers to build apps where users can opt to receive their verification codes through the WhatsApp app installed on their phone instead of through SMS.

Today, many apps give users the ability to sign up using only a phone number — a now popular alternative to Facebook Login, thanks to the social network’s numerous privacy scandals that led to fewer people choosing to use Facebook with third-party apps.

Plus, using phone numbers to sign up is common with a younger generation of users who don’t have Facebook accounts — and sometimes barely use email, except for joining apps and services.

When using a phone number to sign in, it’s common for the app to confirm the user by sending a verification code over SMS to the number provided. The user then enters that code to create their account. This process can also be used when logging in, as part of a multi-factor verification system where a user’s account information is combined with this extra step for added security.

While this process is straightforward and easy enough to follow, SMS is not everyone’s preferred messaging platform. That’s particularly true in emerging markets like India, where 200 million people are on WhatsApp, for example. In addition, those without an unlimited messaging plan are careful not to overuse texting when it can be avoided.

That’s where the WhatsApp SDK comes in. Once integrated into an iOS or Android app, developers can offer to send users their verification code over WhatsApp instead of text messaging. They can even choose to disable SMS verification, notes Facebook.

This is all a part of WhatsApp’s Account Kit, which is a larger set of developer tools designed to allow people to quickly register and log in to apps or websites using only a phone number and email, no password required.

This WhatsApp verification codes option has been available on WhatsApp’s web SDK since late 2018, but hadn’t been available with mobile apps until today.

Powered by WPeMatico

Presidential alerts we really hope Trump won’t send…

Posted by | america, donald trump, Emergency Alert System, Google, Government, Mobile, president, text messaging, Twitter, United States, White House | No Comments

Move over Twitter, President Trump now has the power to send every phone in the land a simultaneous message — thanks to the new “presidential alert”, tested by FEMA yesterday.

What’s it for? The idea is to enable the president of the United States to warn the nation of major threats — such as a natural disaster or terrorist attack.

FEMA did already have the power to mass text US phones, via the National Wireless Emergency Alert System devised by the Bush administration in 2006, which has been used for sending alerts about national emergencies like weather events or missing children at a local level.

But now the system has been expanded to allow for the White House to compose and send its own ‘presidential alert’ to all phones in a national emergency situation.

There is no opt-out.

Repeat: No opt-out.

Fortunately Congress did limit the substance of these alerts — to “natural disasters, acts of terrorism, and other man-made disasters or threats to public safety”, further stipulating that:

Except to the extent necessary for testing the public alert and warning system, the public alert and warning system shall not be used to transmit a message that does not relate to a natural disaster, act of terrorism, or other man-made disaster or threat to public safety.

But bearing in mind the ‘rip it up’ record of the current holder of office of the president of the US, there are no copper-bottomed guarantees about how ‘threat to public safety’ might be interpreted by president Trump.

So it remains a slightly mind-bending concept that the president could, say after a 3am binge-watch of his favorite TV show, fire out an alert entirely of his framing to EVERY US PHONE.

Technology is indeed a double-edged sword.

Here are a few ideas of presidential alerts we really hope Trump won’t be sending…

  • an accidental photo of a body part after he couldn’t figure out how to use the system and hit send accidentally
  • a text message intended for his son-in-law
  • “Donald Trump”
  • covfefe
  • an even worse spelling mistake, e.g. mangling the name of another world leader — like French president “Manuel Macaroon”
  • actual insults directed at other world leaders, e.g. suggesting Emmanuel Macron has a dandruff problem
  • threats of thermonuclear war
  • an unfortunate spoonerism, e.g. ‘the rockets are cot numbing’
  • a love sonnet to president Kim Jong-Un
  • encouragement to Russia to hack political opponents’ emails
  • a recipe for a “beautiful” chocolate cake
  • his golf handicap
  • an affiliate link to a brochure of Trump Tower
  • US stock market numbers
  • investment advice
  • an affiliate link to buy The Art of The Deal
  • any other book recommendations at all
  • a love sonnet to Ivanka Trump
  • a claim that the hurricane isn’t actually as bad as FEMA’s alert says it is
  • #MAGA
  • “Lock her up”
  • “His testimony was very credible, very credible”
  • “You also had some very fine people on both sides”
  • any claim about the size of the crowds at his inauguration
  • any claim about historical precedence and what his administration has achieved
  • all forms of self congratulation
  • his thoughts on the UN
  • his thoughts on NATO
  • his thoughts on the EU
  • his thoughts on China
  • his thoughts on the Queen
  • anything at all about women
  • “Melanie”
  • all insults about “the failing New York Times”
  • a heart emoji + the words “Tucker Carlson”
  • any text that includes the words “Fox & Friends”
  • any text that includes the phrase “America first”
  • a photo of Melania reclining on gilt furniture, in a gilt room, with some gilt statues
  • a selfie with anyone, especially Nigel Farage
  • any text written in ALL CAPS
  • any text ending with the word “Sad!”
  • his travel itinerary for his next trip to the Winter White House
  • a love sonnet to president Putin
  • ‘exciting’ real estate opportunities
  • credit for Brexit
  • a threat to Twitter not to shadowban conservative voices
  • “You’re fired!”
  • “Build the wall!”
  • “Mission accomplished!”
  • anything at all about president Obama
  • all sports commentary
  • anything containing the word “winning”
  • his thoughts on climate change
  • his thoughts on environmental protection
  • his thoughts on the safety of radioactive substances
  • a list of reasons why the Iran deal was a mistake
  • his thoughts on anything at all to do with the rest of the world
  • a photoshopped picture of Justin Trudeau to make him look ugly
  • diet advice
  • travel advice
  • fashion advice
  • complaints that Google is biased
  • anything about tax — unless it’s his own tax returns
  • a message to Peter Thiel asking him to come back
  • a message asking where the nearest KFC is
  • a message asking where he left his last bucket of KFC
  • a really boring and slightly blurred photo of the inside of Air Force One
  • any message about anything at all he saw on TV last night
  • “Ha-ha you can’t opt out!”
  • “Genius”
  • his thoughts

Powered by WPeMatico

Google says more than 40 carriers and device manufacturers now use its platform for RCS, the next generation of SMS

Posted by | Google, Jibe, Mobile, Mobile World Congress 2018, mwc 2018, RCS, SMS, TC, text messaging | No Comments

 Rich Communication Services (RCS) is basically the standard for the next generation of text messaging, with apps like WhatsApp, Facebook Messenger, LINE and others now offering features that go far beyond the standard SMS-based messaging apps that tend to ship with your phone — unless, of course, you are an Apple and iMessage user. Read More

Powered by WPeMatico

Europe proposes expanding telco data privacy rules to WhatsApp, Facebook et al

Posted by | Advertising Tech, Apps, data protection, email, ePrivacy Directive, Europe, european commission, Facebook, GDPR, Mobile, Policy, privacy, social media, TC, text messaging, WhatsApp | No Comments

whatsapp The European Commission has set out proposals for updating rules which govern the use of personal telecoms data that would expand their remit to cover email and mobile messaging data for the first time — meaning the ePrivacy regulation would also apply to web companies such as Facebook, WhatsApp, Apple and Google. Read More

Powered by WPeMatico

Shine is rolling out on-demand life coaching via text message

Posted by | life coach, messages, Mobile, mobile technology, shine, Startups, TC, text messaging, texting | No Comments

screen-shot-2016-10-12-at-11-47-09-am A startup called Shine is rolling out a new service offering on-demand life coaching via text messages as a paid tier to its free, daily texting service. While a number of today’s chatbots and SMS-based concierge services have been focused on helping people shop via text message, Shine to date has instead focused on helping you become a better person. Through automated texts,… Read More

Powered by WPeMatico

HeyMarket, mobile CRM for text messaging, stops you from drunk texting your customers

Posted by | Enterprise, HeyMarket, Mobile, SaaS, Startups, TC, text messaging | No Comments

HeyMarket (1) Like most stories worth telling, this one begins with bad time management. The day I was set to fly out to San Francisco, I was on the road with a friend driving to Chapel Hill from Chicago. By the time I got back, I had just under an hour to pack for my new home. I got to the airport 20 minutes before my flight and clutched a miracle. Unfortunately, my checked bag was not as lucky. Read More

Powered by WPeMatico

Twitter Is Monkeying Around With The Order Of Tweets In Your Timeline

Posted by | Apps, chronological, Facebook, jack dorsey, Media, microblogging, Mobile, order, real time Web, reverse chronological, Social, TC, text messaging, tweets, Twitter | No Comments

1469189397_bb3de49cc0_o I’ve been told by insiders at Twitter that “nothing is sacred” when it comes to making Twitter “easier to use” and ready to onboard the next few hundred million users that Twitter needs to be a powerhouse in media. The latest tweaks and horsing around have to do with the order of tweets you see in your timeline.
The hallmark of Twitter has been the reverse… Read More

Powered by WPeMatico

Not Into The Hearts? Twitter Appears To Be Testing Multi-Emoji Reactions

Posted by | Apps, Media, microblogging, Mobile, real time Web, Social, TC, text messaging, Twitter | No Comments

hearts-for-stars1 Yes, the fav turned into a like. The star turned into a heart. Some tweeters were not very happy about this change even though Twitter said engagement was just fine — increased among new users, in fact. Today, we’ve learned that Twitter, which tests many things all of the time, is letting folks play with the ability to share reactions in multiple ways by way of emojis. Forget… Read More

Powered by WPeMatico

Twitter Doing More With GIFs, Introduces Feature Called “ScratchReel”

Posted by | Apps, gif, Media, microblogging, Mobile, real time Web, ScratchReel, Social, TC, text messaging, toys, Twitter | No Comments

Cat Djs Twitter tweeted out a new toy for you to play with for video called “ScratchReel.” Basically, it lets you scrub a short GIF back and forth for cool effects.
Check it out here (to see the actual effect you have to visit the native tweet):

Spotted a ScratchReel yet? Scrub back & forth to help the @WSL surfer escape the tube!

⏪ ⏩

Only on Twitter, dude. Read More

Powered by WPeMatico