This is the 64th episode of the Shared Security Podcast sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston, Scott Wright recorded June 7, 2017. Below are the show notes, commentary, links to articles and news mentioned in the podcast:
More Android phones than ever are covertly listening for inaudible sounds in ads
Marketers can now use apps to listen for “beacons” that indicate when a person is watching a specific TV commercial or other type of audio. If you have an Android phone there are many apps that are using these functions and violating privacy policies set by Google.
Attackers can use video subtitles to hijack your devices
Even the movies you watch on your computer or mobile device can be a target for malware distribution. A serious vulnerability was found in several popular media players (VLC, Kodi (XBMC), Popcorn-Time and strem.io) which allowed a malicious subtitle file to be downloaded to the victim’s device. The vulnerability would allow an attacker to take complete control of the device. Patch your media players!
Printer Tracking Dots Back in the News
Several years ago there was a lot of news about “printer tracking dots” and how your printer could be used to track who printed a specific document and where. Recently, this topic has come back in the news with the arrest of Reality Leigh Winner (yes, that’s her real name) who is accused of leaking a document from when she worked as a contractor for the NSA. Guess how she was found? Printer tracking dots!
Multiple Home Security Vulnerabilities
The security of your home is very important so it’s good to talk about some recent vulnerabilities that were disclosed (now fixed) from several major home security systems including Comcast XFINITY, ADT, and AT&T Digital Life. While the severity of these issues were low, it’s always good to keep an eye issues like these. Side note: Tom now has a Ring Doorbell Camera…he may have done some “testing”…stay tuned for the next episode to learn more.
Summary of the ‘WannaCry’ ransomware attack
I’m sure by now you’ve heard about the massive ransomware attack from a few weeks back (thanks to the NSA’s recently released tools). Scott and Tom provide a short and brief summary to explain what happened and what you should do. It’s been in the news so much lately…we just wanna cry about it!
Lastly, co-host Tom Eston was featured in a blog on Becoming the best Infosec Leader, Even Under Difficult Circumstances. Check it out!
Please send any show feedback, suggestions for future guests and topics to feedback [aT] sharedsecurity.net or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. Be sure to visit our website, follow us on Twitter and like us on Facebook. Thanks for listening!