Help Might Finally Be on the Way to Fight SIM-Swap Attacks

WIRED reported that 45 investigations into Capitol rioters had used Google geolocation data. This includes two geofence warrants, which allowed the FBI to locate suspects in the building within a very short timeframe on January 6. This was an unusual use of geofencing at an extraordinary time. Experts acknowledge that it was justified but are concerned about the slippery slope given recent increases in geofence warrant use.
Android was also hit by another wave of fake apps, as per Google news. A campaign that began in November saw hundreds of malicious apps sneak into Google Play. They were downloaded on more than 10 million devices. To avoid detection, the bad apps employed various evasive tactics and attempted to trick users into signing on for a recurring fee. Researchers don't know how much they made, but it is possible that the scammers have made millions.

Cloudflare, an internet infrastructure company, is expanding into email security with two free tools that protect enterprises from phishing attacks and other email problems. Facebook was again targeted by the Senate for its concerns about teens' mental health. We have compiled a guide to help you enable passwordless access to your Microsoft account.

Dune can be interpreted in many ways, but it is most compelling as a template for future conflicts, from Afghanistan and cyberwar. We also looked at the reasons why James Bond would not use an iPhone in real life. (Or the Nokia that he relies upon in the movie.

There's more! Every week, we bring you all the security news WIRED hasn't covered in depth. To read the complete stories, click on the headlines. Stay safe out there.

SIM-swap attacks are a common problem for many years. They involve someone porting your phone number to another device to gain access to your most sensitive accounts. These attacks have led to cryptocurrency theft, bank account drains, and social media account takesovers. While there is no single way to stop them all, there are certain approaches that the US has not yet tried. It's encouraging that the FCC is finally paying attention to them. This week, the agency announced it would push carriers to use more secure authentication before they transfer numbers to a new device. Although it won't fix the problem completely, especially since some phone company employees may have actively enabled the attacks, it is a welcome start.

Russia continues to clamp down on all aspects of technology within the country. This week, however, was a worrying turn. According to reports, Ilya Sachkov was arrested by law enforcement in Russia. He is the founder and CEO at Group-IB, a St. Petersburg-based cybersecurity company. Sachkov is accused of conspiring with foreign intelligence services in order to harm Russia's national interests. The company claims he is innocent. Sachkov could spend up to 20 years prison sentence if he is found guilty.

This week, security researchers discovered a flaw with Visa's Express Transit feature in Apple Pay. They were able to make unauthorised contactless payments from an iPhone locked by Visa. To trick the iPhone into thinking it was connected to a legitimate transit system, they used a cheap radio device to imitate a ticket barrier. They then used a relay attack to send payment messages to the iPhone from a reader they controlled, allowing them large transactions without the need to provide biometric verification. This issue would only apply to stolen iPhones. Apple stated in a statement to BBC that Visa is unlikely to be fixed due to the complexity of the attack.

We often write about ransomware and its many negative effects on society. As attacks against hospitals continue to escalate, you should read this Wall Street Journal report on the true human cost. It is a shocking, but necessary read.

Here are more great WIRED stories