AT&T’s attorneys took issue with three parts of the second amended complaint and his request for millions in punitive damages, arguing they showed the plaintiff was himself mostly responsible for the SIM-swap scam – a type of phone hack involving stealing someone’s mobile identity.
U.S. mobile operator AT&T hopes to dismiss crypto investor Mike Terpin’s amended case over a SIM-swap hack, claiming he had not read the firm’s terms and conditions.
Filed at the federal court in the Central District of California earlier this week, AT&T’s motion to dismiss asks the presiding judge dismisses Terpin’s concealment and misrepresentation claims, as well as his request for punitive damages, with prejudice. If granted, it would mean Terpin could not bring the matter before the court again.
Terpin first accused AT&T of civil negligence in August 2018, alleging an employee had been bribed by a criminal gang to pass over control of his SIM card. Terpin claimed the mobile giant knew he was at risk of falling victim to a SIM-swap hack but did nothing to warn him or prevent an attack from taking place. He is suing AT&T for $23.8 million in compensation, as well as $200 million in punitive damages.
“Mr. Terpin all but admits that he cannot base a misrepresentation claim on written documents by AT&T, which he does not allege that he even saw or read, much less relied upon,” reads the filing. “He has all but conceded that his 11 misrepresentation claim should be dismissed with prejudice.”
A judge denied A&T’s previous dismissal motion in February, giving Terpin 21 days to submit an amended complaint that addressed some of its deficiencies.
Last December, in a separate case, AT&T filed a motion for dismissal against another crypto executive who had fallen victim to a similar phone hack, claiming the case had “critical holes.”
A New Ultrasonic Hack Can Exploit Your Siri
Researchers are sounding the alarm about a new type of hack focused on smart digital assistants like the Amazon Alexa or Apple’s Siri.
The hack, called a “SurfingAttack,” uses ultrasonic guided waves that are imperceptible to the human ear to communicate with a device through the voice assistant. It could be used to target Ring services with door deadbolts attached or move the temperature dial on your thermostat.
Security researchers who developed the attack say it enables multiple rounds of interactions between a voice-controlled device and attackers over relatively long distances and without the need for the device to be within sight. It could even be conducted through a heavy surface, like a table.
“Humans cannot hear anything, but the voice assistants will interpret these ultrasonic sounds as a voice command, and conduct certain operations because of it,” said Qiben Yan, an assistant professor at Michigan State University’s Secure and Intelligent Things Lab, who was the lead investigator on the project. “Sending the commands to the voice assistance, we can basically control the voice assistant. There’s a lot of opportunities for this when people put their phones down on a table and leave them unattended.”
Yan said hackers could launch conversations with a victim’s contacts, and depending on how connected their devices are, potentially control home devices, lock or unlock a car or front door, or alter the thermometer. Such attacks could also impact two factor authentication, by reading the security code sent via text back to the hacker.
Using a $5 off-the-shelf PZT transducer, a type of electroacoustic transducer, the researchers were able to successfully compromise the following devices.
They believe that more devices could be vulnerable, including phones protected by silicone rubber phone cases.
There are steps people can take to prevent such attacks though. Disabling the voice assistance when your phone is locked, or making sure your phone is on a covering such as a tablecloth, can stop the ultrasonic ways from affecting it. Using phone cases of uncommon materials like wood can also help.