New Episode Alert EP149

Two all new episodes this week! πŸ‘

December 01, 2020

In episode 149 for November 30th 2020: Police begin to pilot a program to live-stream Amazon Ring cameras, new details about Amazon Sidewalk, Congress unanimously passes a federal Internet of Things security law, and a Facebook Messenger bug that lets an attacker listen to you before you pick up a call

This holiday season think about giving a gift with privacy, security, and heath with Silent Pocket's high quality product line of patented Faraday bags, phone cases, and wallets. Visit

today and be sure to use discount code "sharedsecurity" to receive 10% off of your order during checkout. 

Police Will Pilot a Program to Live-Stream Amazon Ring Cameras

Police in Jackson, Mississippi are

. If a resident signs a waiver allowing this, camera streams from their front doors would be sent directly to a police Real Time Crime Center. Jackson's mayor says that police will only be able to access camera feeds when crimes occur in areas that have cameras that they are able to access. The theory is that police will be able to tap into a network of existing residential cameras bypassing the need to install their own surveillance cameras throughout the city. Apparently, the main reason to conduct this pilot in the first place is because the city is dealing with 110 homicides this year alone which makes this the deadliest year in the city's history. News of this pilot has

which state concerns about the lack of consent from say your neighbor across the street which may have signed up for the pilot and may be streaming the activities going on in front of your house. The EFF says that local communities should have more say in whether or not police may implement a program like this.

What is Amazon Sidewalk?

In other Amazon news, if you happen to be an owner of an Amazon Echo device you may have received an email last week stating that Amazon Sidewalk is coming soon to your device. So

? Well it’s a shared network which allows for extended coverage for sidewalk enabled devices like Amazon Echo, Ring smart lights, and pet and object trackers. Sidewalk will allow devices like these to stay connected to the Internet and continue to work over longer distances. How this works is that Sidewalk will use a small portion of your Internet bandwidth to provide these services to you and your neighbors. Yes, that's right. You'll be sharing some of your Internet connection with the rest of your neighborhood. Now the first thing you're probably asking yourself, is this secure and will my neighbors now have access to my devices and home network? Well Amazon has said that Sidewalk is designed with multiple layers of privacy and security and your neighbors won't know what devices you have and will not have access to your home network. There is a

that Amazon has released linked in our show notes if you're interested in the gory technical details. My biggest issue is that the sidewalk feature is turned on by default. So if you don't want to have your devices participate in this feature, you need to go into your Alexa app and turn Amazon Sidewalk off. And by the way, the setting itself is pretty confusing as it looks at first glance like the setting is actually disabled but it's really not unless you select the "switch" as shown in the Alexa app.

Congress unanimously passes federal IoT security law

There was some recent important developments on the IoT front and that was the news about the US Senate unanimously passing the IoT Cybersecurity Improvement Act which has now gone to president Trump for signature.

and probably the most significant law promoting the adoption of a private sector coordinated vulnerability disclosure program. What this also means is that the federal government will start to implement IoT security standards and ensure government contractors are also implementing security with their IoT devices as well. The law also specifically directs NIST to create standards-based guidelines for minimum security of IoT devices owned and controlled by the federal government. The good thing about NIST is that NIST standards are usually adopted by the private sector for many different types of existing security standards and baselines. This is really important news considering that IoT devices have major security issues such as default passwords and the fact that many of these devices can never be updated, patched or secured. I'm really encouraged by this news and I'm looking forward to seeing how this new law will impact and change the security of IoT devices in the future.

Facebook Messenger Bug Lets Hackers Listen to You Before You Pick Up the Call

And in our last story this week

that could have allowed  an attacker who is logged into the app to simultaneously initiate a call and send a specially crafted message to a target who is signed in to both the app as well as another Messenger client such as the web browser.

The flaw was discovered and reported to Facebook by Google's Project Zero team last month and impacts version 284.0.0.16.119 (and before) of Facebook Messenger for Android. The good news is that Facebook has patched this vulnerability so if you happen to use Facebook Messenger on Android, make sure you're using the latest version of the app. Oh, and this is also a great reminder to make sure all of your apps are being updated on Android to the most current version.

Watch this episode on our YouTube Channel!

NovemberMonthly ShowEpisode 106In our November monthly episode we discuss the scams that you may encounter this holiday shopping season due to the pandemic and our top tips on how to stay safe and more secure when doing your shopping this year.

Watch this episode on our YouTube Channel!

Please support our sponsors!

Take advantage of this exclusive offer and help support this podcast!

Visit

to shop Silent Pocket's great line of privacy focused products.