The Shared Security Podcast Episode 69 – Amazon Key, KRACK and DUHK Attacks, New Devices to Steal a Car

This is the 69th episode of the Shared Security Podcast sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright recorded October 25, 2017. Below are the show notes, commentary, links to articles and news mentioned in the podcast:

Amazon Key opens your home for indoor deliveries
A new Amazon Prime service now allows your package couriers access to your home to drop off deliveries.  The system uses a Amazon smart lock and connected camera.  Innovation or invasion of privacy/security nightmare? Tom and Scott debate the pros and cons!

Severe WiFi security flaw puts millions of devices at risk (KRACK)
A new attack (called KRACK – Key Reinstallation Attack) on the current standard for WiFi security (WPA2) allows an attacker to decrypt Internet traffic from devices being used on a WiFi network with WPA2 encryption enabled. While patches for most modern devices and operating systems will be released (i.e. Apple iOS, Windows 10, etc), many devices such as older Android phones and IoT devices may never get patched. Tom also mentioned a tool which can be used to “downgrade” secure HTTPS connections with this attack called SSL Strip.

DUHK (Don’t Use Hard-coded Keys) Vulnerability
Another recent attack (with a funny name) was announced on a specific type of cryptography implementation being used by certain VPN’s. Specifically, VPNs which use specific versions of FortiOS are vulnerable. If you or your business uses one of these VPNs make sure you patch ASAP.

Just a Pair of These $11 Radio Gadgets Can Steal a Car
Stealing cars just got easier with a recently updated attack on certain keyless entry systems that cars use. Researchers have now demonstrated how easy it is to steal a car with just a pair of $11 radio gadgets. Best way to prevent this (until car manufactures can patch/address the vulnerability) is to keep your car key in a “Faraday bag” or metal protective sleeve like they have available for wallets to protect RFID enabled credit cards.

Please send any show feedback, suggestions for future guests and topics to feedback [aT] or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. Be sure to visit our website, follow us on Twitter and like us on Facebook. Thanks for listening!

Please follow and like us:

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Free Facebook Privacy & Security Guide!

Recently updated with the latest 2019 Facebook updates, our Facebook Privacy & Security Guide walks you through a baseline of privacy and security settings on Facebook so you can limit as much personal information as possible while still being social. In this guide you'll learn about:

  • 5 tips for using any social network
  • How to control your default privacy, timeline and tagging
  • Location and ad tracking settings
  • What information you should limit in your Facebook profile
  • How to configure two-factor authentication

You'll also receive our email newsletter with show updates, email subscriber only contests, sponsor discounts, and more! (We promise not to SPAM and you can unsubscribe at any time!)