This is your Shared Security Weekly Blaze for November 12, 2018 with your host, Tom Eston. In this week’s episode: Midterm Election Security, Gait Recognition Surveillance Technology and Caller ID Authentication
Silent Pocket is a proud sponsor of the Shared Security Podcast! Silent Pocket offers a patented Faraday cage product line of phone cases, wallets and bags that can block all wireless signals, which will make your devices instantly untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order. Visit silent-pocket.com to take advantage of this exclusive offer.
Hi everyone, this is Tom Eston, Co-host of the Shared Security podcast. Welcome to the Shared Security Weekly Blaze where we update you on the top 3 security and privacy topics from the week. These weekly podcasts are published every Monday and are 15 minutes or less, quickly giving you “news that you can use”.
The mid-term elections here in the United States took place last Tuesday and the Department of Homeland Security has said that there has been no evidence of any hacking that took place on the election infrastructure. As many of you may be aware, last Tuesday’s election was the first major election in the United States since Russia attempted to influence the 2016 presidential race. In fact, Department of Homeland Security Secretary Kirstjen Nielsen has said that last Tuesday’s election “is the most secure election in the modern era”.
Surprisingly, many areas of the country are still using paper ballots. In fact, 21 states are using full paper ballots and others are using a hybrid approach of paper and voting machines. As you can imagine, the security of voting machines has been a hotly debated topic ever since the DEF CON hacking conference that took place in August of this year. This conference had a voting machine hacking village in which several different types of real voting machines were found to be vulnerable to many different types of attacks. These attacks could manipulate election results as well as cause other havoc on the overall election system. The biggest concern found with vulnerable voting machines, though, is physical security, as the majority of these hacks require physical access to the voting machine. As long as polling places and local governments running and managing voting infrastructure take the physical security of these machines seriously, the risk of election result manipulation via the machine itself remains very low. If you’re interested in learning more about voting machine security, Scott and I dedicated an entire episode to this fascinating topic in episode 79 of our monthly show.
The bigger issue this election season though has been malicious manipulation of voters through the influence of social media. Just last week it was reported that Facebook had blocked more than 100 accounts that had ties to a Russian “troll farm” designed to influence the midterm elections. Facebook also noted that it deleted dozens of accounts that were linked to Iran in late October. Our advice is to always be careful of what you see posted on social media, not just political posts, as a lot of this information may be coming from a non-trusted source designed to manipulate your views.
Edgewise Networks is the first zero trust platform that stops data breaches by allowing only verified software to communicate in your cloud and data center.
Micro segmentation projects can be costly and difficult, but Edgewise offers a new approach: zero trust segmentation. Without any changes to your network environment, Edgewise puts your data at the heart of your security strategy, giving you:
- Visibility into workload communication pathways;
- Security policies built on the cryptographic fingerprint of the software;
- The ability to apply policies and segment your networks in one click; and
- A way to continuously monitor and assess risk.
Edgewise recommends policies based on the identity of your software, and stops attackers’ lateral movements by requiring authentication and authorization with every workload communication. Visit edgewise.net to learn how Edgewise can eliminate network attack surface, stop lateral movement, and protect your applications.
A new form of surveillance technology called “gait recognition” software is now being used by Chinese police on the streets of Beijing and Shanghai as well as other areas of China. Gait recognition software can identify someone by their body shape as well as how someone walks. The technology, created by a company called Watrix, does not need special cameras and works even when faces are hidden or unable to be identified through traditional facial recognition technology. Gait recognition has a 94 percent accuracy rate which is good enough right now for commercial use. The software works by first uploading video footage, then extracting someone’s silhouette from the video and analyzing movement to create a virtual model of how the person walks. This means that even if a person was purposely trying to evade a system like this, by limping or hunching over, the software is still capable of determining someone’s identity. However, identifying people in real-time video footage is not yet available, as it currently takes a lot of computing power to analyze someone’s gait because you need a sequence of images rather than the single image that current facial recognition technology uses.
In China and other nation states, mass surveillance is big business. In fact, I recently visited London, England, which is known as one of the most surveilled cities in the world. There are CCTV cameras everywhere! One recent report noted that there are approximately 5.9 million closed-circuit TV cameras in the UK which works out to be one camera for every 11 people. That, of course, is nothing compared to China where it’s estimated that 176 million surveillance cameras are keeping tabs on China’s 1.3 billion citizens. Keep in mind, surveillance cameras are not always government owned and operated. Many are purchased by homeowners and businesses to help deter theft and other crimes. What I find interesting is that by combining gait recognition with current facial recognition technology, it could mean much more surveillance technology being used in a city near you once this software becomes more mature and cheaper to purchase.
The chairman of the FCC, Ajit Pai, stated last week that he is demanding the adoption of an authentication system to prevent caller ID spoofing, which is the primary technique used by robo and spam callers. Ajit Pai sent letters to the CEOs of 14 telecom companies stating that if they did not establish plans to implement call authentication by 2019, the FCC would take action. Neither Ajit Pai nor the FCC specified what action they would take for telecoms that did not comply with the order.
Caller ID spoofing is when a scammer uses techniques to hide the real phone number they are calling from to make it look like a call coming from a number you are more likely to answer, like one that has the same area code and prefix as your phone number. Earlier this year the FCC dished out its biggest fine ever, to the tune of $120 million, to a person in Miami, Florida who was responsible for 96 million robocalls. Now if we could just get the FCC to reverse course on net neutrality, that would be even better. If you’re interested in learning more about the technology that telecom companies are looking to implement, one in particular called “CallPrinting”, be sure to listen to episode 35 of the Weekly Blaze linked in the show notes of this episode.
That’s a wrap for this week’s show. Be sure to follow the Shared Security Podcast on all the regular social media channels like Facebook, Twitter and Instagram for frequent posts, commentary and updates. If you have feedback or topic ideas for the show you can email us at feedback[aT]sharedsecurity.net. First time listener to the podcast? Please subscribe on your favorite podcast listening app such as Apple Podcasts or on our YouTube channel. Thanks for listening and see you next week for another episode of the Shared Security Weekly Blaze.