At a glance.
- Report: AirTags used as stalking tools.
- SIM-swap exposes some customer data.
- A look at the spyware market.
Apple’s AirTags used as stalking devices.
The New York Times investigates how AirTags, new tracking devices from Apple with the seemingly innocuous aim of helping users keep better track of personal items like car keys, could be abused to stalk unwitting victims. Reports on social media say individuals who don’t even own AirTags themselves are receiving notifications stating that they’re being tracked. Privacy advocates voiced concerns about AirTags when Apple first introduced the product back in April, and local authorities are already investigating cases in which AirTags were allegedly used by car thieves to track valuable automobiles. While AirTags, unlike earlier offerings from competitors like Tile, include automated features to prevent abuse, some experts feel that the omnipresence of Apple devices makes AirTags more threatening.
Eva Galperin, a stalkerware expert at the Electronic Frontier Foundation, explains, “Apple automatically turned every iOS device into part of the network that AirTags use to report the location of an AirTag. The network that Apple has access to is larger and more powerful than that used by the other trackers. It’s more powerful for tracking and more dangerous for stalking.” Apple spokesperson Alex Kirschner responded, “If users ever feel their safety is at risk, they are encouraged to contact local law enforcement who can work with Apple to provide any available information about the unknown AirTag.”
T-Mobile SIM-swapping attack exposes customer data.
Global telecom giant T-Mobile has confirmed that “a small number” of customers have fallen victim to a SIM swapping attack, which allows hackers to hijack a target's phone by tricking the carrier into reassigning the number to a SIM card controlled by the attacker. The Verge reports that the exposed customer data includes billing account names, account numbers, and plan details. This attack follows an August incident in which the private data of nearly 50 million T-Mobile customers were exposed. While the scale of the most recent attack is smaller and the compromised info less sensitive, T-Mobile’s support account on Twitter says the company is taking “immediate action” to help users who might be at risk. A T-Mobile spokesperson told Bleeping Computer, “Unauthorized SIM swaps are unfortunately a common industry-wide occurrence, however this issue was quickly corrected by our team, using our in-place safeguards, and we proactively took additional protective measures on their behalf.”
The growing spyware industry may be drawing a global response.
An opinion piece from the Washington Post takes a look at a new report from Facebook parent company Meta that examines the threat of the current spyware market. Though abuses of Israeli surveillance software developer NSO Group’s controversial Pegasus spyware have dominated recent headlines, Meta’s report shows that the spyware industry goes far beyond the blacklisted company. In order to truly combat cyber-surveillance, the report posits, global regulators must work to detect the abuse of surveillance software in the early stages of reconnaissance and engagement in order to prevent cyber-snooping before it starts.