Tech Friday with Dave Hatter- February 7th 2020 - SPONSORED BY INTRUST IT


  • Verizon launches 5G in Cincinnati:
    • 5G stands for the fifth generation of cellular network technology
    • Cincinnati is now the 34th city to join the Verizon 5G rollout
    • 5G networks use relatively small antennae that are attached to existing infrastructure as apposed to huge cell towers
    • These antennae are very densely deployed so that signals will be carried much faster and more reliably
    • 5G bandwidth is measured in gigabits per second. Early tests show that 5G networks may be as much as 100 times faster than existing
    • Download speeds range between 1Gbps and 10Gbps, though it can theoretically go higher to compete with wired broadband systems
    • When fully implemented, the speed and reduced power consumption 5G brings will usher in many new products and services
    • "The arrival of 5G will undoubtedly bring higher speeds for end-users – but those speeds will vary depending on how operators design their networks and how many users are on the network" Els Baert, director of Marketing & Communications at NetComm
    • While 5G is a reality, the big four wireless carriers have limited availability in the US and few 5G phones are available
    • Realistically, it’s going to take a while before 5G is widely available and you need a 5G capable phone to get the performance gains
    • At the end of January, Verizon switched on their 5G Ultra Wide Band in ten greater Cincinnati neighborhoods centered around downtown
    • At present, 5G is only available on a small number of phones, all Androids. There are no Apple phones that support 5G yet
    • If your phone supports 5G, it will say will say "5GUWB" in the upper right hand corner of the screen
    • WCPO compared the speed of a 5G and 4GLTE phone just outside Great American Ball Park. The 4G phone hit 160MB/s, while the 5G phone maxed out at 1,200MB/s, about 8 times faster
    • Despite some concerns raised about the safety of 5G radiation, the FCC is fast tracking the 5G rollout nationwide
    • Security have been raised as well
    • At the Association for Computing Machinery's Conference on Computer and Communications Security researchers presented findings that the 5G specification still has vulnerabilities
    • Researchers from Purdue University and the University of Iowa presented 11 design issues in 5G protocols that could be exploited
    • The flaws could expose your location, downgrade your service, jack up your bill and track when you use the device
    • They also found five additional 5G vulnerabilities left over from older technologies
    • "Since many security features from 4G and 3G have been adopted to 5G, there is a high chance that vulnerabilities in previous generations are likely inherited to 5G too.
    • Additionally, new features in 5G may not have undergone rigorous security evaluation yet. So we were both surprised and not so surprised by our findings." - Syed Rafiul Hussain, a mobile security researcher from Purdue
    • The researchers submitted their findings to the standards body GSMA
    • Fixes are in the works. GSMA said "These scenarios have been judged as nil or low-impact in practice, but we appreciate the authors’ work to identify where the standard is written ambiguously, which may lead to clarifications in the future"
    • "The thing I worry about most is that attackers could know the location of a user, 5G tried to solve this, but there are many vulnerabilities that expose location information, so fixing one is not enough" - Hussain
    • As 5G rolls out, time to correct these these flaws is dwindling
    • At present, only Verizon has true 5G coverage in the Greater Cincinnati region
    • T-Mobile offers 5G "low band" 5G, which is only about 20% faster than the current standard 4GLTE
  • More than 50 organizations ask Google to kill preinstalled crapware that enables data exploitation:
    • A recent study of apps preinstalled on Android phones by manufacturers found that many are not included in the Google Play store
    • The extensive study reviewed more than 1,700 different Android devices from over 200 vendors
    • These preinstalled apps are not subject to the terms and protections of the "Google Play Protect" security suite which is now standard on newer Android devices. Only 9% of these apps were present in the Google Play Store
    • Device manufacturers are granted substantial freedom in how they collect user data
    • As a result, the end user has to trust the device manufacturer to install apps that can be trusted, and it appears that is not always the case
    • Privacy International and more than 50 other privacy oriented organizations wrote an open letter to Google asking them take action to stop data exploitation by these manufacturers
    • The high profile organizations signing the letter include the ACLU, Amnesty International, and the Electronic Frontier Foundation (EFF)
    • These preinstalled apps may have access to the camera, microphone or location data without requiring user granted permission which a Google Play Store app would require
    • The behavior of the apps was studied and researchers said that user tracking and personal data collection was "quite prevalent"
    • In addition to geolocation and personally identifiable information (PII), some of these apps collected information including contacts and phone call and email metadata
    • They said a small number of these apps were malware designed to grant remote root access to the phone
    • Additionally, researchers found that 74% of these apps were never updated, and 41% had not received security updates in five years or longer
    • This is yet another reason to ditch Google for Apple
    • View the letter here:https://privacyinternational.org/advocacy/3320/open-letter-google
    • Read the study here:https://haystack.mobi/papers/preinstalledAndroidSW_preprint.pdf
  •  Newer cars are spying on their owners:
    • Washington Post writer Geoffrey Fowler recently reported on the attempts by a hacker to determine what information is being collected by the systems in a randomly selected 2017 car
    • Not surprisingly, quite a bit of information is collected. Most new cars are rolling computers bristling with sensors
    • Fowler wanted to see just how much information GM is getting from its connected cars and chose a 2017 Volt for testing
    • Fowler wrote "My Chevy's dashboard didn't say what the car was recording. It wasn't in the owner's manual. There was no way to download it"
    • It's unclear exactly what data is collected, who has access to it, how it might be shared, or how it's secured
    • A GM spokesperson told Car and Driver: "Nothing happens in terms of connected services without customer consent"
    • GM said vehicle data such as location, vehicle health and status, and operating information "enables many important safety and connectivity services [including] automatic crash notification (alerting first responders to an accident scene), stolen vehicle locator, and vehicle health monitoring (monthly emails to an owner advising them of service and maintenance status)."
    • He discovered the car was recording details about where the car was driven and parked, call logs, identification information for his phone and contact information from his phone, "right down to people's address, emails and even photos."
    • Fowler said "On a recent drive, a 2017 Chevrolet collected my precise location. It stored my phone’s ID and the people I called. It judged my acceleration and braking style, beaming back reports to its maker General Motors over an always-on Internet connection"
    • Fowler also purchased a a Chevy infotainment computer on eBay, which yielded information about the previous owner including pictures of an individual that the previous owner referred to as "Sweetie:
    • Data collection such as that mentioned above is not unique to any one brand or model, nearly all newer cars have connectivity and nearly all of them are collecting data to some extent
    • In 2017, the U.S. Government Accountability Office (GAO) explored the data privacy policies of automakers and found that the 13 companies under their lens are not exactly using best practices
    • The GAO said that manufacturers "offered few options besides opting out of all connected vehicle services to consumers who did not want to share their data."
    • At present, there are no federal laws to regulate what automakers can collect or use when it comes to personal driving data
    • Since 2014, 20 automakers (including GM) have pledged "to meet or exceed commitments contained in the Automotive Consumer Privacy Protection Principles established to protect personal information collected through in-car technologies," according to the Auto Alliance
    • The first principle is "provide customers with clear, meaningful information about the types of information collected and how it is used"
    • It does not appear that the first principle is not being met
    • New regulations such as the California Consumer Privacy Act (CCPA) may force new practices
    • You can limit the amount of information that a car can collect by not connecting your phone to the car via USB or Bluetooth. Charge it using a charger
    • Fowler recommended an app called "Privacy4Cars" to remove your data from cars you use but don't own:https://www.privacy4cars.com/home/default.aspx
    • 5G connectivity may make it more difficult to restrict access to your data in the future
    • Read the GAO report here:https://www.gao.gov/assets/690/686284.pdf
    • Read Fowler's article here:https://www.washingtonpost.com/technology/2019/12/17/what-does-your-car-know-about-you-we-hacked-chevy-find-out/