New Episode Alert (copy 80)
Do you know how you're being tracked online? 🔥
Weekly Blaze Podcast, Episode 98, December 9 2019
How You're Tracked Online; New Privacy Concerns in China and Australia; Malicious Android Apps in the Wild
Podcast co-host Scott Wright recently shared with me a story about how car thieves in Ontario, Canada have been stealing hundreds of specific Toyota brand vehicles such as 4Runners, Tacoma pickup trucks, and Lexus SUVs by using a relay or amplification attack. This attack is designed to amplify the signal from your key fob, which many of us leave near one of the entrances to our homes, in order to trick the car into opening its door and allowing the car to start. The device required to do this attack costs only about $200 to construct and there is very little that car manufacturers are doing to fix this issue. But there is an easy and elegant solution you can use right now that prevents this type of attack, and that's a Silent Pocket key fob guard, which is a Faraday bag that blocks all wireless signals. Right now, you can take 15% off your order and get one under $20 by using discount code "sharedsecurity". Protect the investment in your car and pick one up today for you or your loved ones for the holidays at
.
How You're Tracked Online - Must Read Research from the EFF
Last week the Electronic Frontier Foundation released a comprehensive report called
that identifies and explains the hidden methods and business practices that companies use to collect and track our personal information. Just in time for the holiday shopping season, the report goes into great detail on the different ways that we are all tracked through the apps, devices, and services we all use.
The focus of the research is on third-party tracking, which uses methods like hidden tracking codes on websites, invisible pixel images embedded in emails, browser fingerprinting, mobile tracking, and even face recognition to identify us for tracking purposes. In my opinion the most interesting part of this research is the information about passive tracking methods that use Wi-Fi hotspots and wireless beacons. We all keep our Wi-Fi and Bluetooth enabled on our smartphones and laptops, but did you know that many of the free Wi-Fi hotspots that we use are specifically designed to track and collect information about what sites you're going to? Bluetooth beacons are even installed in public places like shopping malls to identify your device through the probes that our smartphones and other devices send out just by having Bluetooth enabled. All of this data is then sent to third-party tracking and marketing companies, where they build a "profile" of you which has data on all of your activities on the web. Scarier still, if you get a new phone or computer, a new profile is created, but it can eventually be linked up to a previously created profile that can eventually be linked back to you. So who's ready to throw away that smartphone right now?
While a lot of the details in this report can get technical fairly quickly, I really like how they broke down complex concepts into layman's terms through the use of diagrams and real-world examples. They also dedicate an entire section to how to combat trackers through the use of web browser extensions like
and
, changing the settings on your phone, and other information you can arm yourself with to fight these trackers. However, the reality is that even when you install all the tracking-prevention plugins and privacy settings in the world, tracking is almost impossible to avoid unless you want to give up using technology altogether and live in the woods far away from civilization. But we can take steps to minimize the information our devices simply hand out and determine for ourselves the level of effort we should dedicate to protecting our own privacy. This is, by far, some of the best work from the EFF to date, so check out our show notes for links and for further details about this very important privacy research.
New Privacy Concerns in China and Australia
In other privacy news,
. Now while this may be a good way to reduce cell phone fraud, it also means that Chinese citizens will now have their identities matched up to their physical devices. This news shouldn't be that surprising, however, since it's been well known that the Chinese have used facial recognition to monitor ethnic minorities in their country, not to mention the mass surveillance that has been used to suppress Hong Kong protesters. Communism is bad, kids. And unfortunately, I think the privacy of Chinese citizens is only going to get worse.
, distracted driving is becoming a huge problem so police have started using surveillance cameras with AI to identify people using their mobile phone while driving. One caveat is that faces will not be recorded; only overhead photos of the car's driver will be analyzed. With these surveillance systems a human is involved to verify images and remove any false positives, and there will apparently be fixed and trailer-mounted cameras available to police to help find violators. From a fine perspective, first-time violators will find themselves with a warning, but after that the fines start to increase up to $457 dollars Australian plus 10 demerit points. I think Australia is on a slippery slope here from a privacy perspective. I mean, how many mistakes are going to be made concealing faces or accidentally capturing a face in an image? Will this system be abused like similar technology that is reviewed by humans, like we've seen with Google and Amazon? Or will it actually have the positive benefit of reducing accidents caused by distracted driving?
And now a word from our sponsor, Edgewise Networks
The biggest problem in security that remains unsolved is flat networks in cloud and data centers, with unprotected attack paths that allow threats to move laterally to cause breaches.
But microsegmentation using network addresses is complicated and takes too much time.
But there’s a better approach… Edgewise “Zero Trust Auto-Segmentation.”
Edgewise is impossibly simple microsegmentation … delivering results immediately, with a security outcome that’s provable.
At the core of Edgewise Auto-Segmentation is Zero Trust Identity, which allows workloads to communicate only after their software identity has been verified. Malicious or unapproved software is no longer allowed to communicate.
Identity-based protection provides more coverage with fewer policies to make Edgewise simple to deploy and manage. No changes to the application or the network are required. One solution protects virtual machines and containers, in the cloud and on premises.
To stop lateral threat movement and prevent breaches, visit
for a demo and see results within minutes.
Malicious Android Apps in the Wild
Security researchers from an application security firm called Promon said that they've identified a
that can let a malicious app hijack a legitimate app that can perform actions on behalf of a user. In a report that was published last week, the researchers said that this issue can be used by attackers to trick users into granting excessive permissions to malicious apps and that it's actually being exploited in the wild by criminals.
The researchers, who named the vulnerability StrandHogg (not sure where they get these names from), have said that eastern European banks in the Czech Republic have reported that StrandHogg malware has been targeting banking customers. It appears that most of the malicious apps (36 of them to date) are lookalike banking apps meant to fool unsuspecting users. Most concerning is that this issue was reported to Google back in the summer but Google has yet to issue a patch for the vulnerability, which is in the multitasking component of the Android operating system. While we wait for a patch, our advice is to always make sure you only download Android apps from the Google Play store, keep your device updated, be extra cautious when apps on your smartphone ask for permissions, and be vigilant about clicking on links asking you to install an app that you may already have.
November Monthly Show, Episode 94
In episode 94 of our monthly show Tom and Scott discuss the 25 most dangerous vulnerabilities, the privacy of new “smart cities”, and which search engine keeps your searches more private? It’s DuckDuckGo vs. Google!
Watch this episode on our YouTube Channel!
Shared Security is now on GetVokl!
We live stream our monthly show on a new interactive video chat and streaming service called GetVokl!
to get notified when we will be live and to watch previous episodes!
Thank you to our sponsor
Silent Pocket!
Take advantage of this exclusive offer and help support this podcast!
Visit
to shop Silent Pocket's great line of privacy focused products.