Brian Thomas

Based in Cincinnati, OH, the Brian Thomas Morning Show covers news and politics, both local and national, from a conservative point of view.

 

Tech Friday with Dave Hatter - January 7th 2022 - SPONSORED BY INTRUST IT

Google fixes 48 vulnerabilities in first Android updates for 2022:

  • A Ponemon Institute survey found 57% of security breaches were due to vulnerabilities in unpatched software
  • Google is patching 48 vulnerabilities in Android OS, Pixel devices, and Android Automotive OS
  • The January 2022 Android Security Bulletin describes a total of 35 vulnerabilities, most of which have a severity level of high
  • Google said an Android runtime flaw in Android 12 is the most important because it leads to elevation of privilege
  • The updates also include an updated kernel
  • Google Pixel devices have another 10 security holes patched as well
  • Devices running Android Automotive OS (AAOS) have another three vulnerabilities patched, Google wrote in a separate advisory
  • Read the Google bulletin here: https://source.android.com/security/bulletin/2022-01-01
  • Google also rolled out updates to fix 37 security issues in Chrome

The latest Orwellian nightmare - an always-on smartphone camera:

  • Most modern smartphones tell you when an app is accessing your camera or microphone
  • Qualcomm's new Snapdragon 8 Gen 1 processor will provide always-on camera capabilities for new Android phones in 2022
  • Qualcomm Technologies vice president of product management Judd Heape said: "Your phone’s front camera is always securely looking for your face, even if you don’t touch it or raise to wake it."
  • Qualcomm’s rationale for this is unlocking your phone any time you look at it, with no need to touch it or talk to it
  • This would theoretically make your phone more secure by locking the phone when you are not visible or when someone else enters the frame
  • Similar capability already exists; for example, Google’s Nest Hub Max recognizes your face when you walk up to it
  • Home security cameras and video doorbells are constantly on, looking for activity or even specific faces
  • But these devices are not with you at all times
  • It's not news that there have been many security and privacy issues with these types of devices
  • It's not clear how you would know if the always-on camera had been subverted, because it's always on!
  • Judd Heape said that "always-on camera data never leaves the secure sensing hub while it’s looking for faces" and that the chip is "hardened" so that it can't be hacked
  • Heape said the camera "cannot capture photos or video" and "no image or video is stored"
  • Qualcomm's Ziad Asghar said "The consumer has the choice to be able to pick and choose as to what is enabled and what’s not enabled"
  • It’s possible smartphone manufacturers won’t enable this capability

Are the toys your kids got for Christmas spying on you?

  • Experts estimate there are more than 30 billion Internet of Things (IoT) devices now, and we're on track for nearly 80 billion by 2025
  • Many of these devices, in some instances children's toys, have cameras and/or speakers
  • Many people, including children, got these devices as Christmas gifts
  • The new Fisher-Price Chatter Bluetooth telephone allows nearby attackers to listen to calls or communicate with children using it
  • Pen Test Partners found "When powered on, it just connects to any Bluetooth device in range that requests to pair"
  • A similar issue exists in another toy called My Friend Cayla
  • A Bluetooth vulnerability in Cayla allows an attacker within range to connect a device to listen through the doll’s microphone or speak through its speaker
  • Virtual assistants like Siri and Alexa are designed to listen for a "wake phrase"; when the wake phrase is heard, the device pays attention to what follows
  • Many have questioned if the speakers are listening constantly regardless of the wake phrase
  • Many of the companies behind these devices, especially Google, Amazon and Facebook, have controversial track records on privacy
  • For Google's Assistant the wake phrase is "OK Google", Amazon's is "Alexa", for Apple's Siri, it's "Hey Siri" and for Microsoft’s Cortana it's "Hey Cortana"
  • Research has shown that some "smart" speakers activate by mistake, as often as 19 times each day on average
  • There are well known instances of these and other devices listening when they shouldn't be listening
  • These devices can mishear things that trigger the device to listen. This has led to these devices capturing everything from sex to crimes
  • Researchers at Northeastern University and Imperial College London have found that the accuracy of these devices for discerning the wake phrase is not very good
  • To simulate real-world conditions, researchers configured a variety of smart speakers and played 125 hours of audio from various TV shows
  • Researchers uncovered more than 1,000 word sequences, many from TV shows such as Game of Thrones, Modern Family, House of Cards, and news broadcasts that triggered the devices
  • Recording was detected by capturing when lights activated, by monitoring the network traffic, and by checking cloud accounts for recordings
  • When devices wake up they record a portion of what’s heard and send it to the manufacturer. This means that fragments of potentially private conversations can end up in the company logs
  • Additionally, when devices activated, it was for fairly long periods, some as long as 43 seconds!
  • As more folks are forced to work from home, concerns are being raised by cybersecurity and privacy experts about the compromise of sensitive information
  • Mishcon de Reya LLP, an English law firm, told staff to mute or disable such devices when discussing client matters
  • Mishcon’s warning covers any kind of visual or voice-enabled device; Ring doorbells, baby monitors and closed-circuit TVs are also a concern
  • "The devices are intentionally programmed in a somewhat forgiving manner, because they are supposed to be able to understand their humans" said researcher Dorothea Kolossa
  • "Therefore, they are more likely to start up once too often rather than not at all" - Kolossa
  • "Perhaps we’re being slightly paranoid but we need to have a lot of trust in these organizations and these devices" - Mishcon partner Joe Hancock
  • You can disable active listening on many of these devices and require a button click to activate the device
  • The best thing you can do is D2, disconnect and discard these Orwellian spy machines
  • If you won't get rid of these devices, you can stop employees from listening to your voice commands and wipe all interactions you've made with your device
  • Exactly how to do that depends on the manufacturer; you can find instructions at the following link, or visit the manufacturer's website:
