New Episode Alert EP105 (copy 01)

Learn how to use the new "Off-Facebook" activity tool! πŸ”₯

February 03, 2020

Weekly Blaze PodcastEpisode 106February 3 2020

Off-Facebook Activity ToolRing App Third-Party TrackersWawa Credit Card Breach Updates

Do you use a key fob for unlocking and starting your car? If you do, you need to be aware of an increasingly popular attack that thieves are using to steal cars called a relay attack. A relay attack is where a thief can take the signal from your key fob and boost it to break into your car or steal it. And the most elegant and simple way to protect your car from this attack is by putting your key fob in a Silent Pocket Key Fob Guard faraday bag which can block all wireless signal. Get yours today by picking one up at

. And because you listen to this podcast, take 15% off during checkout by using discount code "sharedsecurity".

How to Change Your Off-Facebook Activity Settings

Last week

which will allow Facebook users much greater control over third-party tracking. This new tool, which should be rolled out to everyone's Facebook account by now, shows you a list of apps, websites, and services that Facebook knows you've visited through things like signing up for apps with your Facebook login, Facebook's tracking pixel, and those social widgets such as those Like and Share buttons you see all over the web. You can also disconnect any personal information that Facebook has linked to your account. This is a well needed privacy tool that all Facebook users need to take advantage of. Keep in mind, this will not prevent customized ads from showing up on Facebook but it’s a big help in limiting the data that Facebook collects about you.

Now in typical Facebook fashion, the tool itself is a bit buried within your Facebook settings, especially if you're using the Facebook mobile app. But the easiest way to access these settings is to use a web browser and visit

while logged into your account and then select "Manage Your Off-Facebook Activity" on the right side of the page. From here, you'll be able to see all the apps and websites that have sent data to Facebook. From here you can drill down and disable each one or better yet, select "Clear History" at the top which will clear all your current history from your account. Note that you'll be logged out of any apps or sites that you used the Facebook login feature to sign-on. Now the more powerful feature is to select the option to "Manage Future Activity". This will prevent Facebook from saving any app or service data in the future. For more details on these important settings, check out our show notes for a link to a great guide and walkthrough we've provided from the EFF.

Ring Android App Sent Sensitive User Data to 3rd Party Trackers

According to

, the Ring Android app is apparently sending data to third-party trackers which can be used to identify customers of the popular smart camera and alarm company. Through EFF's research four analytics and marketing companies are receiving customer data that includes names, IP address, mobile network carriers, unique identifiers, and information from sensors on the Android device. There was no mention of the Ring app for Apple iOS, but it most likely exhibits similar issues. Now one of those companies receiving this data is Facebook and that data includes things such as time zone, device model, language preferences, screen resolution, and a unique identifier. Outside of Facebook alone, the danger here is that analytics and marketing companies combine all of these pieces of data together to identify or profile your device, which can lead to finding more personal information about you. This is called device fingerprinting and is one of the most popular ways to track you online through the use of multiple devices including your smartphone, laptop, and even your smart TV.

, Ring reached out to state that they clearly indicate in their privacy policy that they ensure third-party service providers do not use this data for other purposes outside of their contract with Ring.

Look, Ring is not the only company doing this and certainly won't be the last. The key for all of us that use apps like these is to continue to be aware of the data that these apps collect by reading stated privacy policies or by staying up to date with news about apps that may exhibit bad behavior. The more we can be educated about how our data is being used, the better decisions we can make to use a particular app or not.

Wawa card breach may rank as one of the biggest of all times

Last week, the infamous "Joker's Stash", the largest credit card trading forum on the dark web, put up for sale

. Card details for US issued cards are going for about $17, while international cards are going for much more at $210 per card. The card dump was named "BIGBADABOOM-III" and according to security experts, the card data has been traced back to the Wawa credit card breach which happened back in December of last year. This data breach was caused by malware that was installed on Wawa convenience store point-of-sale terminals which let attackers collect credit card data from all of its 860 stores, 600 of them which are also gas stations. According to the investigation, the malware operated from March 4th to December 12th of last year without being detected. This data breach is now listed as one of the largest in US history right up there with 2014's Home Depot data breach of 50 million payment cards, and the 2013 Target breach which compromised 40 million payment cards.

Credit card breaches like this one are great reminders to be vigilant with reviewing your credit card statements, setting up fraud alerts on your credit card, and making sure you never use a debit card for purchases. Finally, use more secure methods of payment like Apple or Samsung Pay on your mobile device, especially for online transactions if the merchant supports it. Otherwise, your best secure payment option is using good old cash.

JanuaryMonthly ShowEpisode 96In episode 96 of our monthly we discuss the controversy of voting by smartphone in our elections, the Jeff Bezos hacking incident, and the recent Microsoft support security breach.

Watch this episode on our YouTube Channel!

Top 10 Episodesin 2019We've had a fantastic year bringing you the latest cybersecurity and privacy topics and news. Thank you for being a listener and supporting the show!If you haven't listened to our most downloaded episodes from the year, here's your chance. Click the link below to listen to each episode and share with your friends!

Shared Security is now on GetVokl!

We live stream our monthly show on a new interactive video chat and streaming service called GetVokl!

to get notified when we will be live and to watch previous episodes!

Thank you to our sponsor

Silent Pocket!

Take advantage of this exclusive offer and help support this podcast!

Visit

to shop Silent Pocket's great line of privacy focused products.