New Episode Alert EP140

Two all new episodes available this week!

September 29, 2020

In episode 140 for September 28th 2020: Details on the first human death related to a ransomware attack, popular fitness app Strava is caught giving away your location data to strangers, and the top privacy improvements in Apple iOS 14.

With most of us on Zoom or WebEx calls because we're all now working from home we all need to consider the privacy of using the webcam when we're not using it. And the easiest way to do this is to use

Silent Pocket's reusable and removable webcam stickers

to make sure your webcam is protected. Pick up a set for yourself at

silentpocket.com

. And don't forget to take 15% off your order by using discount code "sharedsecurity".

A Patient Dies After Ransomware Attack Paralyzes German Hospital Systems

In some very disturbing news last week, German authorities said that

a ransomware attack on the University Hospital of Dusseldorf caused a failure of its IT systems which resulted in the death of a woman who had to be sent to another hospital because all of the hospital's systems were encrypted and unable to be used

. This is the first recorded ransomware attack in history that has been responsible for the actual death of a human being. The attack, which had exploited a Citrix Application Delivery Controller vulnerability, was apparently misdirected by the attackers on accident with the intended target being the Heinrich Heine University. Apparently, law enforcement were able to contact the attackers to let them know that they had disabled an entire hospital so the attackers sent them the decryption key in order to get the hospital's systems back up and running. The case is now currently being treated as a homicide according to German authorities.

Ransomware is probably the top threat facing most business these days because of the ease of getting a fast payout. And we're starting to see more examples of businesses actually paying off the ransom since hiring cybersecurity experts is also expensive and an investigation to find out how to remove and decrypt ransomware can take time. And when your business is down, time is not a luxury. And most law enforcement and cybersecurity professionals agree that paying off the ransom just further fuels these criminal operations. But hospitals in particular, will hopefully start stepping up their defense against ransomware because as in this story life is truly on the line.

Strava app shows your info to nearby users unless this setting is disabled

Popular running and cycling tracking app Strava is making privacy news again, this time with how a feature called "flyby", which provides a way to share your activity with all nearby people, anytime you run or cycle past another Strava user. That means if you happen to pass another Strava user during your workout,

they will instantly get access to your route and even the location of your home or wherever you started your workout from

. This of course is a stalkers dream come true! Especially in dense or overly populated areas like large downtown areas. To make matters worse, the privacy settings for Flyby are set to "Everyone" by default! Now after a Twitter user complained to Strava about the issue last week and it seems Strava tried to address the issue. So if you did happen to have the Flyby setting set to "Everyone", the Strava app will now prompt you to change this to "No One" if you so desire. You may remember the last time that Strava was in the news a few years ago when

Strava had published heatmaps generated from 13 trillion GPS coordinates from runners' data

, which inadvertently exposed the locations of military bases around the world, including those in the U.S.

This is one of those features that I guess sounds fun if you're the type looking for new running or cycling friends, but for those of us that are concerned about our privacy and even physical security. This is one setting that I would double-check in Strava to be sure that its disabled.

Five iOS 14 and iPadOS 14 security and privacy features you need to know about

Apple iOS 14 is here and before you go ahead and update your iOS device to the latest and greatest operating system from Apple, you should know about some of the big privacy features with this latest update. Oh and before I forget, I would not update right away to iOS 14. Why? Well with any major release of iOS there are going to be bugs and issues that will need to be fixed by Apple. This is always the case and in the past there have been some pretty big issues, even security ones. So hold off for now and wait until iOS 14.1 comes out which I'm sure is in the next few weeks. As for those privacy settings, here's my top list of improvements that you need to know about.

First, is a new icon which lets you know every time an app accesses your camera or microphone. You'll see either a green dot (for when the camera is on) or an orange dot (when the microphone is on) right above the signal strength meter on your iPhone. In addition to that, when you access the Control Center, you'll see recent apps that have accessed your camera or microphone.

Next is a new notification that tells you when you or an app has copied data to the clipboard. This is really nice to see since we can now get more visibility into apps that may be accessing or pulling data that you copied to your clipboard.

Now in terms of location tracking, iOS 14 brings a major improvement to the way that apps can access your location. You now have the choice to use your general location without giving away your precise or exact location for an app. You can access this setting by going to Settings, then Privacy, and then Location Services. From here you can change the settings for the apps that have access to your location.

And finally, there are two important network settings that I think are privacy game changers. First, you'll start seeing notifications when apps require the ability to discover or connect to devices on your home network. I've been bothered about this issue for years in that many apps can work just fine without needed access or seeing other devices on your network. You now get a choice which is always a good thing. Lastly, browsing public or other WiFi networks also got a little more private with a feature to supply a random "MAC" address when you join or reconnect to a WiFi network. This is a nice feature to prevent you from being tracked, especially on public WiFi or other untrusted networks. A MAC address is a unique identifier for your device that is often used to track your WiFi connection and can be easily abused. You can get to this setting by going into Settings and then WiFi and clicking the little "info" icon next to the wireless network. Note that this setting is set to on by default and my cause issues with some devices on your home network, like smart devices that need to send notifications, or for some enterprise networks that may use a MAC address for authentication. All in all, these are great privacy improvements that are a long time coming.

Watch this episode on our YouTube Channel!

SeptemberMonthly ShowEpisode 104In our October monthly episode we continue our three part series on targeted attacks. In this episode we discuss the pretext and how attackers develop and launch their attacks with special guests Nathan Sweaney, Senior Security Consultant at Secure Ideas and Kevin Johnson, CEO of Secure Ideas.

Watch this episode on our YouTube Channel!

Please support our sponsors!

Take advantage of this exclusive offer and help support this podcast!

Visit

silent-pocket.com

to shop Silent Pocket's great line of privacy focused products.