Recently, I covered for one of our technology shows and mentioned bluetooth as part of a permission base that an app for Donald Trump had when you installed the app. I was later linked to a podcast which covered this aspect and bluetooth as a whole is not necessarily a bad thing over all.
After reviewing that, I remembered I had an article talking about researchers finding a vulnerability in the operating system when it came to Android and it is not an IOS bug as they tested it.
I don’t honestly know of the first way researchers targeted bluetooth, but the article in question talks about how the latest round can be used to get at very specific things.
It works by allowing attackers to disguise themselves as a trusted application, requesting permissions that allow one Bluetooth-enabled device to share
data with another device, such as a headset or car’s “infotainment” system. For the attack to run successfully, Bluetooth must be enabled on the target
device and victims must approve the attackers’ request for privileges. In the end, this action gives attackers access to data on the victim’s device, according
to the California-based company.
The good news is that you still need to approve this thing, so if you’re not looking for any connections on bluetooth especially when traveling, its recommended to turn off bluetooth so you’re not discoverable, or deny connections you’re not expecting.
Researchers found another way to hack Android cellphones via Bluetooth is the article here and I think its still worth a read.
In other news speaking of phones, who here would ever trust the NSA with giving advice when it comes to security? OIn an article I also read around the same time I read the first one linked above, the NSA is trying to go around telling us what to do about hiding our location even if we turn off location services.
In part, a paragraph says:
The NSA warns, for instance, that in addition to mobile devices storing location data in their own mobile device logs, cellular networks receive real-time
coordinates for cellphones every time they connect to the network. That communication with the network also can make location information vulnerable.
So you’re telling me that this isn’t part of how cell phones work, because if there ever an emergency and you needed to call emergency services that you couldn’t get it?
Another paragraph says:
Bad actors using devices that imitate legitimate cellular towers could also obtain sensitive location information even without providers’ cooperation,
the NSA warns.
I have heard of devices that are like cell phone towers, and can act like the real thing, but I am unaware if I’ve came across them. I don’t think we can ever know if we have come across them.
There are two headings that might be of interest. The first: The public is definitely in mind and the second Smart devices and social media. I’m sure that you might want to take a look at this if you’re interested in this type of thing. I hope I am not sharing my location with a bad actor, even if I had turned off my location services. Here’s the NSA’s advice for reducing the exposure of cellphone location data is the article from Cyberscoop here.
A third article is more in the “oopse, we’ve been targeted” department as it talks about robocalls. A company who is supposed to give legal aid to various companies got their database lifted and from my estimation, people won’t be too happy about this one.
Chew on this paragraph. It says:
A California company that helps telemarketing firms avoid getting sued for violating a federal law that seeks to curb robocalls has leaked the phone numbers,
email addresses and passwords of all its customers, as well as the mobile phone numbers and other data on people who have hired lawyers to go after telemarketers.
Big time problem much? I still wonder why these databases are stored online and in the clear? My database is stored in a folder, in many files. MENVI has its roster but it too, is in a file on the computer, not online for everyone to peruse and lift data.
While Dropbox was targeted in 2016 according to have I been powned but I’m not concerned because I have two factor on and my password is strong as it is anyway. I should think about changing it, but I’ve not been overly concerned.
Lawyers representing TCPA claimants typically redact their clients’ personal information from legal filings to protect them from retaliation and to keep
their contact information private. The Blacklist Alliance researches TCPA cases to uncover the phone numbers of plaintiffs and sells this data in the form
of list-scrubbing services to telemarketers.“TCPA predators operate like malware,” The Blacklist explains on its website. “Our Litigation Firewall isolates the infection and protects you from harm.
Scrub against active plaintiffs, pre litigation complainers, active attorneys, attorney associates, and more. Use our robust API to seamlessly scrub these
high-risk numbers from your outbound campaigns and inbound calls, or adjust your suppression settings to fit your individual requirements and appetite
for risk.”
Wonder if anyone will trust these guys again?
Found anything in this space we should talk about on any of the podcasts? Drop me a line!
Discover more from Jared's Technology podcast network
Subscribe to get the latest posts sent to your email.