Brian Thomas

Brian Thomas

Based in Cincinnati, OH, the Brian Thomas Morning Show covers news and politics, both local and national, from a conservative point of view.Read More

 

Tech Friday with Dave Hatter - August 13th 2021 - SPONSORED BY INTRUST IT


FBI tracks cars through Wi-Fi:

  • The FBI is using a Stingray technology to find and track Wi-Fi enabled vehicles
  • Stingray is cell tower simulator that forces all devices in a given area to connect into it rather than a real cell tower
  • Forbes discovered a search warrant application that shows a Stringray can find Wi-Fi enabled vehicles because they use mobile networks to provide connectivity
  • The warrant application said that cars like the Dodge were "frequently equipped with cellular modems inside their vehicles. These cellular modems are assigned a unique cellular identifier and generate historical and prospective records similar to a traditional cellular phone"
  • The application was filed in Wisconsin in May of this year
  • The goal was to find a Dodge Durango Hellcat used by a man indicted for drug dealing and firearms possession crimes
  • Additionally, the FBI was also given permission to use other kinds of surveillance to locate another vehicle associated with the suspect
  • These were also techniques traditionally used to track cellphones including a pen register and a "ping warrant" which shows the locations of cell towers used by a device
  • From that, the FBI determined that the suspect traded in theJeep for the Dodge
  • Stingrays have generated controversy because they suck up data from all devices that connect into them
  • As a result, some lawmakers have proposed legislation to mandate warrants with strong probable cause before the surveillance technology is deployed
  • The Wisconsin warrant said "The investigative device may interrupt cellular service of phones or other cellular devices within its immediate vicinity. Any service disruption to nontarget devices will be brief and temporary, and all operations will attempt to limit the interference with such devices."
  • The warrant also promised to delete data captured from innocent bystanders
  • Forbes has also reported that police can and have acquired location data from a car’s airbag system or brake light module and have acquired data from in-car systems such as GM's OnStar
  • This is yet another reminder that modern cars are really rolling computers

Data breach costs hit record during pandemic

  • IBM Security recently released its annual "Cost of a Data Breach" report
  • With Ponemon Institute, they analyzed breaches impacting more than 500 organizations
  • The report said a typical data breach experienced by companies now costs $4.24 million per incident, a record high during the COVID-19 pandemic
  • "Mega" breaches, covering 50 million to 65 million records, average $401 million to resolve!
  • IBM said "drastic operational shifts" due to the pandemic led to higher costs and made it more difficult to contain security incidents
  • An increase of up to $1 million more was seen for breaches that involved work from home with the highest costs at $4.96 million in comparison to $3.89 million
  • Compromised credentials were the most common attack vector
  • Once an attacker had access, Personally identifiable information (PII) including names and email addresses was stolen in nearly 50% of all incidents
  • They reported an average of 287 days to detect and contain a data breach, 7 days longer than 2020
  • Sadly, organizations typically will not detect intrusion for up to 212 days. Then they take another 75 days to resolve it
  • IBM said that security solutions based on artificial intelligence (AI) algorithms, machine learning, analytics, and encryption helped to reduce the potential costs with savings averaging between $1.25 million and $1.49 million
  • "While data breach costs reached a record high over the past year, the report also showed positive signs about the impact of modern security tactics, such as AI, automation, and the adoption of a zero-trust approach -- which may pay off in reducing the cost of these incidents further down the line." - Chris McCurdy, VP of IBM Security

IoT asbestos: Amazon Echo Dot does not wipe sensitive data after a factory reset:

  • Echo Dots and other IoT devices typically contain Wi-Fi passwords, MAC addresses, logins and other sensitive information
  • Northeastern University researchers tested 86 used Amazon Echo Dots and found the factory reset does not actually erase data
  • Data can be recovered with basic forensic techniques
  • The most basic factory reset was not done on 61% of the secondhand devices tested
  • Even when a factory reset was done, researchers were able to use Autospy to access personal data on the device
  • Amazon says a user can remove "personal content from the applicable device(s)" by using the factory reset function
  • Many if not most IoT devices use flash memory which is difficult to wipe because it is designed to only allow a finite number of deletes before the memory becomes usable
  • As a result, "deleted" data moved to an unused space ("wear leveling")
  • The data remains until that spaces is needed and then a true deletion occurs
  • A stolen device could allow a thief access an Amazon account
  • Researchers removed the memory and used devices readily availble to read it
  • Additionally, when an Echo Dot is decoupled from its "home network" it is supposed to require permission from the owner to connect to a new network
  • Even after a factory reset, Dots would work on a new network
  • Alexa would respond to voice commands that disturbingly allowed the researchers to control other IoT devices connected to the network, create Amazon orders and access contacts among many other functions as the previous owner
  • This is because the authentication token needed to connect the owner’s Amazon account is not delete by a reset!
  • The researchers believe this vulnerability is likely in other Amazon IoT devices and it's is possibly impacting other flash memory based IoT devices
  • The devices should be destroyed to protect against this
  • Researchers proposed a fix using encryption to Amazon
  • Amazon responded indicating that they are working on mitigation measures, but did not specify what

Sponsored Content

Sponsored Content