Tech Friday

posted by Brian Thomas - 

  • The NSA triples collection of US phone records:
    • According to a new report, the NSA collected 534 million phone calls and text messages from American citizens last year
    • This was more than triple what was captured in 2016 and took place during the second full year of a new surveillance system established at the NSA
    • The information collected by the NSA is metadata that contains details such as numbers called and time, but not content
    • This coincides with an increase reported across other surveillance methods
    • US lawmakers passed a law in 2015 that sought to limit the NSA's bulk collection ability
    • The number of records collected in 2017 is far less than the estimated billions collected per day under the NSA’s old system
    • Timothy Barrett, a spokesman at the Office of the Director of National Intelligence said that the NSA has found that a number of factors influence the number of records collected
    • Barrett said "We expect this number to fluctuate from year to year"
    • Officials indicated that the records captured could include multiple calls made to or from the same phone number and may have duplicated information from both ends of a call
    • Privacy advocates have raised concerns about potential government intrusion and overreach  
  • Get rid of old iPhones and iPads:
    • Source code purporting to be Apple's iBoot code was leaked to GitHub
    • iBoot is the iOS boot loader, a core part of iOS's secure boot chain
    • It validates that the most critical parts of the OS haven't been tampered with and only loads software signed by Apple
    • Jonathan Levin, an author of several books on iOS and OS X development, has said he believes the code is real based on code he has reverse-engineered
    • Levin said it was a "huge deal" for Apple because it could help hackers find vulnerabilities that might be used to attack iOS based devices
    • Apple said "Old source code from three years ago appears to have been leaked, but by design the security of our products doesn't depend on the secrecy of our source code. There are many layers of hardware and software protections built in to our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections"
    • Devices running iOS 9 or older versions may be vulnerable. According to Apple, that's about 7% of their users. This equates to millions of users
    • Apple has already ended support for iOS and there have been many fixes since then
    • The iBoot leak makes it even riskier to continue using these devices, it's time to upgrade or switch
    • Learn more about iBoot here: https://www.apple.com/business/docs/iOS_Security_Guide.pdf
  • Smart assistants can be controlled by inaudible commands:
    • Despite privacy issues and warnings from privacy advocates, smart personal assistants such as Siri, Alexa and Google Assistant have become very popular
    • Security researchers have demonstrated that they can send commands to Apple’s Siri, Amazon’s Alexa and Google’s Assistant that are inaudible to a human being
    • Researchers have been able to surreptitiously activate these systems
    • Hackers could leverage this capability to do a wide variety of nefarious things such as unlocking doors or transferring money
    • In 2016, a group of students from University of California, Berkeley, and Georgetown University demonstrated that they could embed commands in white noise played over loudspeakers to activate a smart assistant
    • Berkeley researchers recently released a paper that said they could embed commands into recordings of music or spoken text
    • This technique illustrates how artificial intelligence can be fooled and manipulated, in this case, by exploiting the gap between human and machine speech recognition 
    • While there is no indication of these attacks in the wild, Nicholas Carlini, one of the paper’s authors said "My assumption is that the malicious people already employ people to do what I do"
    • Nominal changes to the audio files caused the machines to understand the audio differently while being inaudible to a human being
    • Last year, Burger King launched an online ad that purposely asked "O.K., Google, what is the Whopper burger?" Voice-enabled Android devices would respond by reading the Whopper’s Wikipedia page
    • South Park had an entire episode built around voice commands that caused viewers’ voice-recognition assistants repeat obscenities
    • There is no American law against broadcasting subliminal messages 
    • Devices that support digital assistants are set to outnumber people by 2021 according to research firm Ovum 
    • Juniper Research predicts more than half of all American households will have at least one by 2021
Brian Thomas

Brian Thomas

Based in Cincinnati, OH, the Brian Thomas Morning Show covers news and politics, both local and national, from a conservative point of view. Read more

title

Content Goes Here