Weekly Blaze – Real-time Location Tracking, VPNFilter Router Malware, Apple’s GDPR Updates

Episode Artwork
0% played 00:00 00:00
May 28 2018 12 mins   39
This is the Shared Security Weekly Blaze for May 28, 2018 sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions, Silent Pocket and CISOBox. This episode was hosted by Tom Eston. Listen to this episode and previous ones direct via your web browser by clicking here! Help the podcast and leave us a review! We would really appreciate you leaving a review in iTunes. Reviews really help move us up the podcast ratings list and are greatly appreciated! Show Transcript This is your Shared Security Weekly Blaze for May 28th 2018 with your host, Tom Eston. In this week’s episode: Real-time Location Tracking, VPNFilter Router Malware and Apple’s GDPR Updates. The Shared Security Podcast is sponsored by Silent Pocket. With their patented Faraday cage product line of phone cases, wallets and bags you can block all wireless signals which will make your devices instantly untrackable, unhackable and undetectable. Visit silent-pocket.com for more details. Hi everyone, I’m Tom Eston, Co-host of the Shared Security podcast. Welcome to the Shared Security Weekly Blaze where we update you on the top 3 security and privacy topics from the week. These weekly podcasts are published every Monday and are 15 minutes or less quickly giving you “news that you can use”. In the spirit of good GDPR compliance you can now opt-in to our brand new email list for the podcast! Stay up-to-date on the latest episodes, receive exclusive offers from our sponsors, participate in contests and gain access to content just for our email subscribers! Sign-up at sharedsecurity.net today. How valuable is your real-time location? For many of us, it’s a very scary thought to think that someone may have access to easily track your whereabouts in real-time with no permission from you or little or no recourse for their actions. Well for mobile phone carriers your location means more profit for them because they have been selling access to real-time location data to different third-party companies. In late breaking news the other week a company called LocationSmart, which is a real-time data aggregator of mobile phone location data, has been able to access the real-time location of every phone from every major US carrier (that includes AT&T, Sprint, T-Mobile and Verizon) without user consent. A researcher named Robert Xiao who is from Carnegie Mellon University was messing around with a web demo of the LocationSmart application and found that he could query the real-time location of some of his friends through a vulnerability in the API of the application. The LocationSmart demo app was not taken down until famed reporter Brian Krebs from KrebsSecurity.com got involved and reported on the issue. This is also not the first time that we’ve recently seen real-time location data from the mobile carriers being used suspiciously. Back in early May, a company called Securus was identified through a New York Times article that was about a former sheriff who was using location data through the Securus service to track people without a warrant or user consent. To add further insult to injury, a hacker broke into Securus systems and stole 2,800 usernames, emails and hashed passwords of Securus customers. Ironically, Securus gets its location data from, you guessed it, LocationSmart. You also shouldn’t be surprised that these are probably not the only two companies that have access to real-time location data. You can bet that many other organizations, including criminals and nation states are also using services from similar companies. This entire situation brings into question what mobile phone carriers are doing with our location data. Of course they need to monitor, track and record your location otherwise your phone wouldn’t work and it would defeat the purpose of having a mobile phone altogether. However, it comes as a surprise that the carriers are blatantly giving your location data to third-party agg [...]