ReportWire

Tag: tmobile

  • Geofence Warrants Ruled Unconstitutional—but That’s Not the End of It

    Geofence Warrants Ruled Unconstitutional—but That’s Not the End of It

    [ad_1]

    The 2024 US presidential election is entering its final stretch, which means state-backed hackers are slipping out of the shadows to meddle in their own special way. That includes Iran’s APT42, a hacker group affiliated with Iran’s Islamic Revolutionary Guard Corps, which Google’s Threat Analysis Group says targeted nearly a dozen people associated with Donald Trump’s and Joe Biden’s (now Kamala Harris’) campaigns.

    The rolling disaster that is the breach of data broker and background-check company National Public Data is just beginning. While the breach of the company happened months ago, the company only acknowledged it publicly on Monday after someone posted what they claimed was “2.9 billion records” of people in the US, UK, and Canada, including names, physical addresses, and Social Security numbers. Ongoing analysis of the data, however, shows the story is far messier—as are the risks.

    You can now add bicycle shifters and gym lockers to the list of things that can be hacked. Security researchers revealed this week that Shimano’s Di2 wireless shifters can be vulnerable to various radio-based attacks, which could allow someone to change a rider’s gears remotely or prevent them from changing gears at a crucial moment in a race. Meanwhile, other researchers found that it’s possible to extract the administrator keys to electronic lockers used in gyms and offices around the world, potentially giving a criminal access to every locker at a single location.

    If you use a Google Pixel phone, don’t let it out of your sight: An unpatched vulnerability in a hidden Android app called Showcase.apk could give an attacker the ability to gain deep access to your device. Exploiting the vulnerability may require physical access to a targeted device, but researchers at iVerify who discovered the flaw say it may also be possible through other vulnerabilities. Google says it plans to release a fix “in the coming weeks,” but that’s not good enough for data analytics firm and US military contractor Palantir, which will stop using all Android devices due to what it believes was an insufficient response from Google.

    But that’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

    A US federal appeals court ruled last week that so-called geofence warrants violate the Fourth Amendment’s protections against unreasonable searches and seizures. Geofence warrants allow police to demand that companies such as Google turn over a list of every device that appeared at a certain location at a certain time. The US Fifth Circuit Court of Appeals ruled on August 9 that geofence warrants are “categorically prohibited by the Fourth Amendment” because “they never include a specific user to be identified, only a temporal and geographic location where any given user may turn up post-search.” In other words, they’re the unconstitutional fishing expedition that privacy and civil liberties advocates have long asserted they are.

    Google, which collects the location histories of tens of millions of US residents and is the most frequent target of geofence warrants, vowed late last year that it was changing how it stores location data in such a way that geofence warrants may no longer return the data they once did. Legally, however, the issue is far from settled: The Fifth Circuit decision applies only to law enforcement activity in Louisiana, Mississippi, and Texas. Plus, because of weak US privacy laws, police can simply purchase the data and skip the pesky warrant process altogether. As for the appellants in the case heard by the Fifth Circuit, well, they’re no better off: The court found that the police used the geofence warrant in “good faith” when it was issued in 2018, so they can still use the evidence they obtained.

    The Committee on Foreign Investment in the US (CFIUS) fined German-owned T-Mobile a record $60 million this week for its mishandling of data during its integration with US-based Sprint following the companies’ merger in 2020. According to CFIUS, “T-Mobile failed to take appropriate measures to prevent unauthorized access to certain sensitive data,” in violation of a National Security Agreement the company signed with the committee, which assesses the national security implications of foreign business deals with US companies. T-Mobile said in a statement that technical issues impacted “information shared from a small number of law enforcement information requests.” While the company claims to have acted “quickly” and “in a timely manner,” CFIUS claims T-Mobile “failed to report some incidents of unauthorized access promptly to CFIUS, delaying the Committee’s efforts to investigate and mitigate any potential harm.”

    The 12-year saga that is the prosecution of Kim Dotcom inched forward this week with the New Zealand justice minister approving the US’s request to extradite the controversial entrepreneur. Dotcom created the file-sharing service Megaupload, which US authorities say was used for widespread copyright infringement. The US seized Megaupload in 2012 and indicted Dotcom on charges related to racketeering, copyright infringement, and money laundering. Dotcom has denied any wrongdoing but lost an attempt to block the extradition in 2017 and has been fighting it ever since. Despite the justice minister’s decision, Dotcom vowed in a post on X to remain in the country where he’s been a legal resident since 2010. “I love New Zealand,” he wrote. “I’m not leaving.”

    The growing scourge of deepfake pornography—explicit images that digitally “undress” people without their consent—may have finally hit a major legal roadblock. San Francisco’s chief deputy city attorney, Yvonne Meré—and the City of San Francisco by extension—has filed a lawsuit against the 16 most popular “nudification” websites. These sites and apps allow people to make explicit deepfake images of virtually anyone, but they have increasingly been used by boys to make sexual abuse material of their underage female classmates. While several states have criminalized the creation and distribution of AI-generated sexual abuse material of minors, Meré’s lawsuit effectively seeks to shut down the sites entirely.

    [ad_2]

    Andrew Couts

    Source link

  • Class Action Lawsuit Alleges T-Mobile Broke Its Lifetime Price Guarantee

    Class Action Lawsuit Alleges T-Mobile Broke Its Lifetime Price Guarantee

    [ad_1]

    Angry T-Mobile customers have filed a class action lawsuit over the carrier’s decision to raise prices on plans that were advertised as having a lifetime price guarantee.

    “Based upon T-Mobile’s representations that the rates offered with respect to certain plans were guaranteed to last for life or as long as the customer wanted to remain with that plan, each Plaintiff and the Class Members agreed to these plans for wireless cellphone service from T-Mobile,” said the complaint filed in US District Court for the District of New Jersey. “However, in May 2024, T-Mobile unilaterally did away with these legacy phone plans and switched Plaintiffs and the Class to more expensive plans without their consent.”

    The complaint, filed on July 12, has four named plaintiffs who live in New Jersey, Georgia, Nevada, and Pennsylvania. They are seeking to represent a class of all US residents “who entered into a T-Mobile One Plan, Simple Choice plan, Magenta, Magenta Max, Magenta 55+, Magenta Amplified or Magenta Military Plan with T-Mobile which included a promised lifetime price guarantee but had their price increased without their consent and in violation of the promises made by T-Mobile and relied upon by Plaintiffs and the proposed class.”

    The complaint seeks “restitution of all amounts obtained by Defendant as a result of its violation,” plus interest. It also seeks statutory and punitive damages, and an injunction to prevent further “wrongful, unlawful, fraudulent, deceptive, and unfair conduct.”

    “T-Mobile Will Never Change the Price You Pay”

    The lawsuit’s allegations will be familiar to those who read our previous articles on the recent price hikes of up to $5 per line. In January 2017, T-Mobile issued a press release announcing the “Un-contract” promise for T-Mobile One plans. “Now, T-Mobile One customers keep their price until THEY decide to change it. T-Mobile will never change the price you pay for your T-Mobile One plan,” the company said at the time.

    The price guarantee was also hyped by then CEO John Legere at a press event in Las Vegas. But separately from the announcement, T-Mobile revealed a significant caveat that essentially nullified the promise. T-Mobile said in a FAQ on its website that the only guarantee was T-Mobile would pay your final month’s bill if the carrier raised the price and you decided to cancel.

    Many customers saw the prominent lifetime price guarantee but not T-Mobile’s contradiction of that promise and signed up for plans thinking their prices would never be raised. The “Un-contract promise” was offered on certain plans between January 5, 2017, and April 27, 2022.

    T-Mobile started offering a different guarantee called Price Lock on April 28, 2022. This was originally more ironclad than the Un-contract, and customers who snagged it were apparently not impacted by this year’s price increases.

    But T-Mobile then created a confusing situation with Price Lock. The stronger version of Price Lock was offered from April 28, 2022, to January 17, 2024. It was replaced by a weaker version that is still called Price Lock but is basically the same as the Un-contract. Customers who signed up for Price Lock on or after January 18, 2024, don’t actually have a price lock—but they can get their final month’s bill covered if T-Mobile raises the price and they decide to cancel.

    After the price hikes, several T-Mobile customers contacted Ars to express their displeasure. One of those customers said that he canceled and tried to get his final month’s bill covered, but T-Mobile refused to provide the refund. The Federal Communications Commission told us it had received about 1,600 consumer complaints about the price hikes as of late June.

    Class Action Plaintiffs

    The lawsuit says the plaintiffs and many other customers were swayed to switch plans based on promises made in the January 2017 announcement and afterward.

    “The experiences of the named Plaintiffs [are] not unique. Numerous wireless customers were motivated to switch to T-Mobile based upon the Press Events and Videos first promoted at the Las Vegas Trade Show,” the lawsuit said. “The extensive advertising by T-Mobile in print and on television also motivated customers to switch to what have now become legacy plans that T-Mobile customers are no longer able to keep.”

    [ad_2]

    Jon Brodkin, Ars Technica

    Source link