J Wolfgang Goerlich, someone who was once on our podcast here at the technology blog posted something worth exploring. He’s now on Mastodon. Here’s what he posted.
J Wolfgang Goerlich: One of the things I speculated in my RSAC talk on zero trust was adversaries bypassing device identity and posture. Check this article out:
“Attackers are using these spoofing tools by exploiting stolen cookie files, impersonating hyper-granular device identifiers and using fraud victims’ unique network settings.”
Whelp. That didn’t take long.
https://www.govinfosecurity.com/threat-actors-customizing-tools-for-mobile-os-based-fraud-a-22539
Keep in mind that this is an info security person calling for change. But as you can see by the article which we’ll fully link to in a bit, this is now practical.
Looks like things that can be stolen can include anything they want including the type of phone, the hardware make, model and the like.
It can be made to come from your IP address, making it look like you logged in to your bank as an example, bypassing the check for whether say money was withdrawn from another country as an example.
Gov Info Security’s article is titled Threat Actors Customizing Tools for Mobile OS-Based Fraud and us IOS users better be on the lookout!
Let’s be aware, thanks J for posting this for us to see, and make it a great day, friend! He never followed back, but this was definitely a great read.