Risky Bulletin: Academics Pull Off Novel 5G Attack
Podcast: Risky Bulletin
Host: risky.biz
Date: August 17, 2025
Read by: Claire
Prepared by: Catalin Cimpanu
Episode Overview
This episode delivers a rapid-fire update on the latest major cybersecurity incidents and trends from around the globe. Central to the discussion is a new academic technique for forcing 5G connections down to 4G, alongside more typical stories of ransomware, breaches, surveillance tool spending, and technical and policy shifts affecting the security landscape.
Key Discussion Points & Insights
1. Novel 5G Downgrade Attack
- Summary:
  Cybersecurity academics have developed a tool that forces 5G mobile connections to downgrade to 4G without using a rogue base station.
- Attack Method:
  The tool injects crafted messages that disrupt the 5G authentication process. It was demonstrated in close proximity to the target device, with the highest success rate within 20 metres.
- Outcome:
  The device is pushed off 5G and onto 4G, where older attack methods against mobile connections apply again.
- Disclosure:
  The GSM Association has been notified and the tool has been open-sourced.
Quote:
"The attack uses a new software toolkit to inject crafted messages that disrupt 5G authentication. The attacks were demonstrated in close proximity to targeted devices. The success rate was highest when within 20 metres." (00:13)
2. Major Incidents and Breaches
a. Workday Security Breach
- Hackers socially engineered an employee, gaining access to a third-party CRM.
- Part of a broader hacking spree targeting Salesforce accounts for data theft and extortion.
- Workday hasn't officially confirmed these events.
b. Ransomware Attack on North American Car Salvage Yards
- Hundreds of auto salvage yards in Canada and the U.S. hit by LockBit Black ransomware in early August.
- Likely compromise vector: the SimpleHelp remote management software.
- Victims may share a common IT vendor, but this is not confirmed.
Quote:
"Hundreds of auto salvage yards across Canada and the U.S. have been hit by a ransomware attack. The attackers allegedly gained access to their networks via the SimpleHelp remote management app." (00:32)
c. UK HMRC Employee Firings
- 50 employees fired for unauthorised access to confidential taxpayer data.
- Since 2022, nearly 200 staff have been dismissed for similar infractions, less than 0.1% of the workforce.
3. Regulatory & Policy Changes
a. Malaysian Stock Exchange Mandates Multi-Factor Authentication
- All brokerage accounts must have MFA in place by year-end, following an April incident in which 80 accounts were compromised.
- Similar problems with brokerage account security have been reported in Japan and Indonesia.
b. Proton's Data Centre Investment
- Proton is investing more than $120 million in data centres in Germany and Norway because of uncertainty over a proposed Swiss surveillance law.
Quote:
"The company is investing in data centres in Germany and Norway due to uncertainty over a proposed Swiss surveillance law." (01:20)
4. Surveillance Technology Acquisitions
- Bangladesh: nearly $190 million spent on at least 160 spyware and surveillance tools over the last decade, according to the Tech Global Institute.
- Suppliers include US and Israeli companies; products named include Cellebrite, FinFisher and Predator.
Quote:
"Bangladesh has bought at least 160 surveillance technologies and spyware systems in the last decade, according to the Tech Global Institute. The government spent nearly $190 million on surveillance tech." (01:38)
5. Cybercrime & Law Enforcement Actions
- US DOJ Indictment: A member of the Zeppelin ransomware operation has been charged; authorities seized $2.8 million in cryptocurrency, $70,000 in cash, and a luxury car.
- Vietnam: A foreign national was arrested for using SMS blasters (portable fake base stations that push SMS to nearby phones) to impersonate government portals.
- India: 18 suspects detained over a credit card scam targeting State Bank of India customers, run on customer data supplied by insiders at one of the bank's call centres.
Quote:
"Indian Police have detained 18 suspects over their involvement in a credit card scam operation... The group obtained customer data to support the scam from insiders who worked at one of the bank's call centres." (02:50)
6. Software Vulnerabilities and Misconfigurations
- Tesla Car App Exposure:
  Open-source dashboards for Tesla owners, exposed online, reveal sensitive owner data (location, trip details, charging history) without authentication.
- VPN Apps with Hard-Coded Passwords:
  Several Android VPN apps that tunnel traffic over Shadowsocks ship with hard-coded passwords. Shadowsocks encrypts with a pre-shared key, so anyone holding the password can decrypt and observe the tunnelled traffic. Citizen Lab traced the operators to China.
- Exchange Server Keylogger Campaign:
  A keylogger campaign against government Exchange servers has been linked to a Ukrainian APT referred to as Phantom Corps.
- Ermac Android Banking Trojan Source Code Leak:
  Source code, builder tools, and backend components leaked via an open directory.
Quote:
"Several VPN apps on the Google Play Store ship with hard-coded passwords... According to Citizen Lab, the apps are registered to three four front companies but are operated from China." (03:31)
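The hard-coded Shadowsocks passwords above are the kind of finding an app-triage pass can catch mechanically. The following is an added example, not code from the episode, from Citizen Lab, or from the apps in question: it pulls Shadowsocks `ss://` URIs in the two published forms (SIP002 and the older all-base64 form) out of the printable strings of several app packages and reports any password that appears in more than one app. The app identifiers, server addresses and credentials are constructed sample data, and the assumption that the apps embed their credentials as `ss://` URIs is mine; the page does not say how the passwords are stored.

```python
"""Triage helper for the hard-coded Shadowsocks password case.

Added example with constructed data: parses ss:// URIs found among the
printable strings of app packages and reports passwords that more than one
app shares. Shadowsocks encrypts with a pre-shared key, so a shared password
lets whoever holds it decrypt every user's tunnelled traffic.
"""
from __future__ import annotations

import base64
import re
from collections import defaultdict
from urllib.parse import unquote

# Matches the two published Shadowsocks URI forms:
#   SIP002: ss://base64url(method:password)@host:port[#tag]
#   legacy: ss://base64(method:password@host:port)[#tag]
SS_URI = re.compile(r"ss://[A-Za-z0-9+/=_\-@:.%]+")


def b64_text(s: str) -> str:
    """Decode standard or URL-safe base64 (padding optional) to text."""
    s += "=" * (-len(s) % 4)
    try:
        return base64.urlsafe_b64decode(s).decode("utf-8")
    except ValueError as exc:  # covers binascii.Error and UnicodeDecodeError
        raise ValueError("not base64 text") from exc


def split_userinfo(userinfo: str) -> tuple[str, str]:
    """SIP002 userinfo is base64url(method:password), or plain percent-encoded
    method:password for the AEAD-2022 ciphers."""
    userinfo = unquote(userinfo)
    try:
        decoded = b64_text(userinfo)
    except ValueError:
        decoded = ""
    if ":" in decoded:
        method, password = decoded.split(":", 1)
        return method, password
    if ":" in userinfo:
        method, password = userinfo.split(":", 1)
        return method, password
    raise ValueError("no method:password in userinfo")


def parse_ss_uri(uri: str) -> dict:
    """Return {'method', 'password', 'host', 'port'} for an ss:// URI."""
    if not uri.startswith("ss://"):
        raise ValueError("not an ss:// URI")
    body = uri[len("ss://"):].split("#", 1)[0]  # drop the human-readable tag
    if "@" in body:
        userinfo, hostport = body.rsplit("@", 1)
        method, password = split_userinfo(userinfo)
    else:
        creds, hostport = b64_text(body).rsplit("@", 1)
        method, password = creds.split(":", 1)
    host, port = hostport.rsplit(":", 1)
    return {"method": method, "password": password, "host": host, "port": int(port)}


def find_hardcoded_credentials(strings_by_app: dict[str, list[str]]) -> list[dict]:
    """strings_by_app maps an app id to printable strings extracted from its
    package (for instance `strings` over the APK, or decompiled resources)."""
    findings = []
    for app, strings in strings_by_app.items():
        for s in strings:
            for uri in SS_URI.findall(s):
                try:
                    cfg = parse_ss_uri(uri)
                except ValueError:
                    continue  # looked like ss:// but was not a valid config
                findings.append({"app": app, **cfg})
    return findings


def shared_passwords(findings: list[dict]) -> dict[str, list[str]]:
    """Passwords embedded in more than one app, mapped to the sorted app ids."""
    apps_by_password = defaultdict(set)
    for f in findings:
        apps_by_password[f["password"]].add(f["app"])
    return {pw: sorted(apps) for pw, apps in apps_by_password.items() if len(apps) > 1}


def make_sip002_uri(method: str, password: str, host: str, port: int) -> str:
    """Build a SIP002 URI; used here only to construct sample data."""
    ui = base64.urlsafe_b64encode(f"{method}:{password}".encode()).decode().rstrip("=")
    return f"ss://{ui}@{host}:{port}"


# Constructed sample: three hypothetical apps, two of which embed the same
# server and password (one in SIP002 form, one in legacy form).
SAMPLE_STRINGS = {
    "com.example.fastvpn": [
        "https://example.com/privacy",
        "ss://YWVzLTI1Ni1nY206U2hhcmVkU2VjcmV0MQ@203.0.113.10:8388#FastVPN",
    ],
    "com.example.turbovpn": [
        "res/layout/activity_main.xml",
        "ss://YWVzLTI1Ni1nY206U2hhcmVkU2VjcmV0MUAyMDMuMC4xMTMuMTA6ODM4OA==",
    ],
    "com.example.othervpn": [
        make_sip002_uri("chacha20-ietf-poly1305", "UniqueKey9", "198.51.100.7", 443),
    ],
}


if __name__ == "__main__":
    found = find_hardcoded_credentials(SAMPLE_STRINGS)
    for f in found:
        print(f"{f['app']}: {f['method']} {f['host']}:{f['port']} password={f['password']!r}")
    for pw, apps in shared_passwords(found).items():
        print(f"shared password {pw!r} in: {', '.join(apps)}")
```

On the constructed sample this reports that `com.example.fastvpn` and `com.example.turbovpn` embed the same password for the same server, which is exactly the condition under which one operator, or anyone who extracts the key from one app, can read the traffic of every user of both. In a real triage run the input would be the string dump of each APK rather than the inline dictionary.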
7. Botnets and Infrastructure Threats
- PolarEdge Botnet:
  Now controls over 40,000 devices, primarily Cisco and Asus routers and QNAP and Synology NAS appliances. Suspected links to Chinese espionage networks.
8. Legal and Platform Policy Updates
- Otter AI Lawsuit:
  The company is alleged to have recorded video conferences and produced AI-generated transcripts without the consent of all participants.
- Google Play Wallet App Rule Changes:
  Wallet apps (crypto and traditional) must demonstrate compliance with local regulations in 15 regions.
- Microsoft Teams Security Updates:
  Rollout of allow/block lists for external domains, with malicious-link detection to follow, to counter social engineering over Teams.
Memorable Quotes & Timestamps
- 5G Attack:
  "The attack uses a new software toolkit to inject crafted messages that disrupt 5G authentication..." (00:13)
- Auto Salvage Ransomware:
  "Hundreds of auto salvage yards across Canada and the U.S. have been hit by a ransomware attack..." (00:32)
- Bangladesh Surveillance Spending:
  "Bangladesh has bought at least 160 surveillance technologies and spyware systems in the last decade..." (01:38)
- Indian Credit Card Scam:
  "The group obtained customer data to support the scam from insiders who worked at one of the bank's call centres..." (02:50)
- Hard-Coded VPN Passwords:
  "Several VPN apps on the Google Play Store ship with hard-coded passwords..." (03:31)
Timeline of Notable Segments
- 00:13 – Academic 5G-to-4G downgrade attack
- 00:32 – Auto salvage yards hit by ransomware
- 01:20 – Proton invests outside Switzerland over privacy law fears
- 01:38 – Bangladesh surveillance tech purchases
- 02:50 – Indian credit card scam with insider collusion
- 03:31 – VPN apps with shared hard-coded passwords
Tone and Delivery
The episode maintains a brisk, matter-of-fact tone, moving quickly from one headline to the next. The focus remains on technical and policy substance, avoiding speculation and remaining close to verified facts and attributed research.
