Secuity

A security vulnerability in LTE can be exploited to sign up for subscriptions or paid website services at someone else's expense, new research suggests.

According to researchers from Ruhr-Universität Bochum, the flaw exists in the 4G mobile communication standard and permits smartphone user impersonation, which could allow attackers to "start a subscription at the expense of others or publish secret company documents under someone else's identity."

When you pay for security software, you probably hope it’s protecting you — not creating a massive security breach in and of itself. But if you ran Trend Micro’s password manager, enabled by default for all Trend Micro users, any site on the web could have executed any app on your computer just by including a bit of code.

A patch issued today mostly solves the problem. But as Ars Technica reports, that only happened because Google Project Zero team member Tavis Ormandy publicly berated the company.