Tech Friday with Dave Hatter

posted by Frank Fowler

  • Millions of Android and iOS apps at risk from Eavesdropper:
    • Appthority researchers reported that the "Eavesdropper" vulnerability is the result of poor mobile app development practices
    • Many developers hard code their credentials into the source code of mobile applications that use the Twilio Rest API or SDK
    • Twilio is a cloud communications platform for building SMS (text), voice, and messaging applications on an API
    • Unfortunately, this practice gives those applications full access to all data stored in the Twilio backend
    • Eavesdropper exposes sensitive data including hundreds of millions of call records, minutes of calls, minutes of call audio recordings, and SMS and MMS text messages
    • “Eavesdropper poses a serious enterprise data threat because it allows an attacker to access confidential company information, which may include a range of sensitive information often shared in an enterprise environment, such as negotiations, pricing discussions, recruiting calls, product and technology disclosures, health diagnoses, market data or M&A planning,” said Seth Hardy, Appthority director of security research. “An attacker could convert recorded audio files to text and search a massive data set for keywords and find valuable data.”
    • According to Appthority's research, about 33% of the apps in question were business-focused
    • This vulnerability has led to data exposure from nearly 700 apps
    • More than 170 of these apps are currently available and have been downloaded up to 180 million times, and that's only on Android; the number of impacted iOS (Apple) apps is currently unknown
    • Appthority first discovered the vulnerability back in April and notified Twilio in July. Some apps have been corrected, but Appthority hasn't published a full list of impacted apps
    • Unfortunately, this issue is not specific to developers who create apps with Twilio, it speaks to a larger issue with shoddy and insecure development practices
    • "Hard-coding of credentials is a pervasive and common developer error that increases the security risks of mobile apps," said Appthority researchers
    • Twilio has contacted the developers of affected apps and is actively working to secure their accounts, as updating authentication credentials is the only fix for this issue
    • This is an example of one of the many issues that may cause a software apocalypse
  • Kiss your car goodbye:
    • Bob Lutz is a former vice chairman and head of product development at General Motors. He also held senior executive positions with Ford, Chrysler, BMW and Opel
    • In a recent interview with Automotive News, Lutz predicts that once safe autonomous cars reach a tipping point where 20-30% are fully autonomous, accident statistics will show that humans are the weak link
    • Governments will use this data to legislate non-autonomous vehicles off the roads
    • Lutz predicts that we are no more than 15-20 years away from the tipping point
    • Once the tipping point is reached, Lutz said "Everyone will have 5 years to get their car off the road or sell it for scrap"
    • Lutz said "CNBC recently asked me to comment on a study showing that people don't want to buy an autonomous car because they would be scared of it. They don't trust traditional automakers, so the only autonomous car they'd buy would have to come from Apple or Google. Only then would they trust it. My reply was that we don't need public acceptance of autonomous vehicles at first. All we need is acceptance by the big fleets: Uber, Lyft, FedEx, UPS, the U.S. Postal Service, utility companies, delivery services. Amazon will probably buy a slew of them. These fleet owners will account for several million vehicles a year. Every few months they will order 100,000 low-end modules, 100,000 medium and 100,000 high-end. The low-cost provider that delivers the specification will get the business."
    • GM recently announced that they will field a driverless taxi fleet in 2019
    • Alphabet's Waymo autonomous vehicles have logged more than 4 million miles on public roads and billions of simulated miles
    • Waymo’s autonomous systems learn from a combination of experience on public roads and testing on the company’s private track
    • More than 20,000 unique scenarios have been modelled at Waymo’s private test facility including events such as "people jumping out of canvas bags or skateboarders lying on their boards."
    • Just this month Waymo began sending out self-driving vehicles without a safety driver on board and they expect to begin giving people rides in those autonomous cars in the near future
    • I have predicted this for years, but rock band Rush predicted this all the way back in their 1981 song "Red Barchetta"
    • Lutz also predicts the demise of car dealers except as a fringe business for people who have money and can afford "personalized modules" for off public road use
    • You can read the full article here: http://www.autonews.com/article/20171105/INDUSTRY_REDESIGNED/171109944/bob-lutz:-kiss-the-good-times-goodbye
  • Supreme Court cellphone case threatens privacy and free speech:
    • In 2014 a Detroit man was sentenced to 116 years in prison for a series of armed robberies in south-eastern Michigan and north-western Ohio largely based on location data from his cell phone
    • The FBI arrested Timothy Carpenter when the data put him within two miles of the crimes
    • At issue is the data that the FBI obtained without a warrant because of a legal theory related to the Fourth Amendment known as the "third-party doctrine"
    • The mobile service provider produced 186 pages listing every call that Carpenter had made over a 127-day period as well as coordinates indicating where Carpenter had been for each call
    • The Fourth Amendment normally protects Americans’ right to privacy, but because Carpenter "voluntarily" gave his cell phone data to a third party (his mobile provider), he lost any “reasonable expectation of privacy”
    • An exhaustive picture of Carpenter’s every move over nearly half a year was constructed from the data
    • Carpenter’s lawyers are arguing before the Supreme Court this week and will suggest that law enforcement violated his Constitutional right to privacy by not obtaining a warrant before searching his cell phone data
    • His attorneys will argue that the third-party doctrine is outdated and too narrow for our digital times. In today's world, enormous amounts of your data are passing through third parties
    • The Guardian wrote "Many cellphone users have only a vague understanding of the extent to which providers monitor their movements, but these companies now track us much more closely than even the most committed human spies ever could. Cellphones function by connecting to antennas – “cell sites” or “cell towers” – that provide cellular service. Those cell sites, which are owned and operated by the cellular companies, are programmed to record which phones connect to them, and when. They also record the direction from which the connecting phone’s signal is received and, often, the distance of the phone from the cell site."
    • Privacy advocates are alarmed by this case because much if not most of the digital technology we rely on today requires us to share information passively with third parties
    • Jody Blanke, professor of computer privacy law at Atlanta’s Mercer University, said "Most scholars agree that privacy is not an all-or-nothing phenomenon."
    • Blanke signed an amicus brief in support of Carpenter in the case Carpenter v United States. "You can disclose information to a third party and still have a reasonable expectation of privacy."
    • A decision against Carpenter will drastically reduce Americans’ right to privacy in the digital age
    • Additionally, the court’s resolution of the case will have far-reaching implications for the freedoms of speech, press and association
    • 19 leading technologists explain how easy it is to use a person’s location data to learn about her beliefs and associations
    • MIT has demonstrated that with as few as 3 data points an analyst can learn whether a given person attended a public demonstration, attended a political meeting, or met with a particular activist or lawyer
    • More data means that more information can be unearthed, for example, whether a given person was at a public demonstration and who else was there
    • "Awareness that the government may be watching chills associational and expressive freedoms," Chief Justice John Roberts wrote. Left unchecked, he warned, new forms of surveillance could "alter the relationship between citizen and government in a way that is inimical to democratic society"
    • This is a case that bears watching!
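The Eavesdropper item above comes down to a single developer error: account credentials hard-coded into a mobile app's source, where anyone who installs the app can extract them. The following is an added illustration, not code from the show, from Appthority or from Twilio. It places a constructed vulnerable snippet beside a hardened server-side layout, and adds a small scanner a reviewer could run over a repository (or wire into CI) to catch credential-shaped literals before they ship. The credential formats it matches (Account SID = "AC" plus 32 hex characters, auth token = 32 hex characters) follow Twilio's documented shape; the regex heuristics, the variable names and the placeholder values are assumptions made for this example.

```python
import os
import re

# Constructed sample of the anti-pattern in the Eavesdropper item: a mobile
# app's source with Twilio account credentials embedded as string literals.
# Both values are fabricated placeholders with the documented shape
# (Account SID = "AC" + 32 hex chars, auth token = 32 hex chars).
VULNERABLE_SOURCE = """\
# twilio_client.py (vulnerable: the account secret ships inside the app)
ACCOUNT_SID = "AC0123456789abcdef0123456789abcdef"
AUTH_TOKEN = "fedcba9876543210fedcba9876543210"
client = Client(ACCOUNT_SID, AUTH_TOKEN)
"""

# The remediated layout: the account credentials live only on a server the
# app talks to, and that server reads them from its environment (or a
# secrets manager), so no literal ever reaches the client or the repository.
HARDENED_SOURCE = """\
# twilio_service.py (server-side): credentials come from the environment
import os
ACCOUNT_SID = os.environ["TWILIO_ACCOUNT_SID"]
AUTH_TOKEN = os.environ["TWILIO_AUTH_TOKEN"]
"""

# Detection heuristics (assumed for this example): an Account SID literal is
# distinctive enough to flag on its own; a bare 32-hex literal is only
# flagged when it is assigned to a name that looks like a token or secret,
# which keeps hashes and other hex blobs from flooding the report.
PATTERNS = {
    "account_sid": re.compile(r'["\'](AC[0-9a-fA-F]{32})["\']'),
    "auth_token": re.compile(
        r'(?i)(?:auth[_-]?token|secret)\s*[=:]\s*["\']([0-9a-fA-F]{32})["\']'
    ),
}


def redact(value: str) -> str:
    """Keep only the first and last four characters so a report is safe to log."""
    return value[:4] + "..." + value[-4:]


def find_hardcoded_credentials(source: str) -> list:
    """Scan source text line by line and report credential-shaped literals."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append(
                    {"line": lineno, "kind": kind, "value": redact(match.group(1))}
                )
    return findings


def load_twilio_credentials(environ=None) -> tuple:
    """Server-side loading of the credentials from the environment.

    Failing loudly when a variable is missing is deliberate: a silent
    fallback to a default literal would recreate the original problem.
    """
    env = os.environ if environ is None else environ
    try:
        return env["TWILIO_ACCOUNT_SID"], env["TWILIO_AUTH_TOKEN"]
    except KeyError as missing:
        raise RuntimeError(f"credential not set in environment: {missing}") from None


if __name__ == "__main__":
    for label, sample in (("vulnerable", VULNERABLE_SOURCE), ("hardened", HARDENED_SOURCE)):
        hits = find_hardcoded_credentials(sample)
        print(f"{label}: {len(hits)} finding(s)")
        for hit in hits:
            print(f"  line {hit['line']}: {hit['kind']} {hit['value']}")
```

The hardened layout matters more than the scanner: a mobile binary can be unpacked by anyone who installs it, so a credential that grants full access to the Twilio account must never be in the client at all. The app should call its own backend, which holds the credential and exposes only the narrow operations the app needs. The scanner is a first-line code-review or CI check; as the show notes say, any credential that has already shipped still has to be rotated.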
