Remove Ubuntu Grub Bootloader From Windows! Computer Desks & Battlestations, Sync Folders Fast!!Read More
Scooters are being hacked! Make sure you’re resetting your ad ID, but does it do anything? And Australia’s parliament has some hacks to deal with! All that coming up now on ThreatWire. #threatwire #hak5Read More
Apple Fixes their FaceTime Bug, and Finds More Issues in the process, airlines are found not encrypting your passenger data, and detailed and accurate GPS data was being sold off! All that coming up now on ThreatWire. #threatwire #hak5
Our Site → https://www.hak5.org
Shop → https://www.hakshop.com
Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1
Support → https://www.patreon.com/threatwire
Contact Us → http://www.twitter.com/hak5
Threat Wire RSS → https://shannonmorse.podbean.com/feed/
Threat Wire iTunes → https://itunes.apple.com/us/podcast/threat-wire/id1197048999
Host: Shannon Morse → https://www.twitter.com/snubs
Host: Darren Kitchen → https://www.twitter.com/hak5darren
Host: Mubix → http://www.twitter.com/mubix
Apple Facetime Update:
Best Gaming TVs! Google Translate Alternative??? Meet Pocketalk! New 49 Inch Dell U4919DW Monitor, VPN Blocks My Bank?
00:47 CamelCamelCamel’s $45,000 Drive Disaster
It was a rough week for CamelCamelCamel.com, the ever so awesome Amazon price tracking service. In the words o' TekThing viewer Don, “Well here's s a good reason to back up that data: $29k for data recovery.” More deets (like what happened) i the show, and we hope they’re back online this week! Go backup your data!
03:37 Dell UltraSharp 49 Inch Curved Monitor: U4919DW
Patrick’s run a 35” Dell ultrawide monitor on his desk for years. Has he finally found a monitor that’s too wide??? What makes this a better monitor for office apps and Creative Suite than other massive panels? Watch the review to find out!
10:33 Pocketalk Translator
A verbal language translator, the size of a bar of soap, that works with 74 languages over WiFi or mobile data on its own SIM card? Meet Pocketalk. Can you really have a conversation with it? Is it better than Google Translate? Watch the video to find out! https://www.pocketalk.net/
24:15 Will My Bank Work Over A VPN???
James emailed from Dallas, Texas, “If I run everything through a VPN will I still be able to log into my bank, email etc. or will they automatically think I am unauthorized?” That’s an absolute maybe! Find out more in the video.
28:02 Gaming TV Recommendation
Thomas emailed firstname.lastname@example.org, “
I am planning on downsizing my life and moving in to a tiny home or an RV for full time living. I am a big gamer but because of the size limitations of an RV or a tiny home i don't want a TV and then a monitor as well. I know that you can get TV tuners for your computer but monitors are way more expensive then a TV. I want to get a 50+ inch TV, would love 60hz+ and would need enough inputs for my computer, Roku, PS4, PS3 at the very least so 4 but 6 HDMI inputs would be nice.” Our picks are in the video, and check out the excellent “The 7 Best 4k Gaming TVs - Winter 2019” at RTINGS.com!
A big Thank You to Hak5 for the studio space! Check out the security and privacy podcasts at hak5.org, the pentesting gear in the shop, and don’t forget: Cloud C2: makes remote pentesting easy!
31:46 Do Something Analog!
Like Terry, who preserved a fragile stained glass church window, including LED back lighting to make it glow. Nicely done!
Thank You Patrons! Without your support via patreon.com/tekthing, we wouldn't be able to make the show for you every week!
EMAIL US! ➳ email@example.com
Amazon Associates ➳ https://amzn.to/2pHgf8T
Subscribe ➳ https://www.youtube.com/tekthing
Website ➳ http://www.tekthing.com
RSS ➳ http://feeds.feedburner.com/tekthing
Patreon ➳ https://www.patreon.com/tekthing
Help us with translations! ➳ http://www.youtube.com/timedtext_cs_panel?c=UC6sWaC11f4mxnizvOroOvkQ&tab=2
HakShop ➳ https://hakshop.myshopify.com/
Dale Chase Music ➳ http://www.dalechase.com/
SOCIAL IT UP!
Twitter ➳ https://twitter.com/tekthing
Facebook ➳ https://www.facebook.com/TekThing
Reddit ➳ https://www.reddit.com/r/tekthingers
Shannon Morse ➳ https://www.twitter.com/snubs / https://www.youtube.com/shannonmorse
Patrick Norton ➳ https://www.twitter.com/patricknorton
5G Security Flaw
A flaw was recently discovered in the new 5G protocol that could allow a third party to use IMSI catcher like devices to snoop on data on this new protocol. Four researchers at SINTEF Digital Norway, ETH Zurich Switzerland, and Technische University Berlin Germany discovered the vulnerability, which effects not only 5G, but is also backwards compatible with 3 and 4G protocols as well. It affects the Authentication and Key Agreement (AKA for short) - the technique between your phone and a cellular network that allows them to communicate securely. AKA is supposed to negotiate and establish a key exchange between the phone and carrier to encrypt the link. 5G-AKA is supposed to thwart IMSI catchers, but the vulnerability opens up a potential entry point for newer devices to spy.
Data about a users activity, such as numbers of texts or calls received and sent, could be used by an attacker to profile a victim. And if you take your phone away from the signal of a newer IMSI catcher? Well, the moment you come back within it’s vicinity, it can pick up where it stopped and continue tracking. This could be used to track political figures or officials in targeted attacks, not only to see amounts of calls, but also to track physical location between fake base stations.
The researchers responsibly disclosed their findings to 3GPP (the 3rd Generation Partnership Project) and GSMA, and the parties are taking steps to remedy the situation before the end of 2019.
Last week, a major bug surfaced by 9to5Mac, detailing how iPhone users could use FaceTime group chats to snoop on the audio from other phones without their knowledge. All someone would have to do is call another user using FaceTime, and they would immediately hear the audio from the receivers phone before they accepted or rejected the call. The ringer rings as normal, so the receiver would know someone was calling, but they wouldn’t be able to tell if you could hear their audio before they actually picked up.
Many iphone users took to social media expressing their concerns at the ease of this vulnerability. Put simply: you’d first have to start a FaceTime Video Call to an iphone contact, then, when it’s dialing, swipe up from the bottom and tap Add Person. Add your own phone number on the Add Person screen, then start a group FaceTime call with yourself and the audio of the contact.
To make matters worse, this flaw could also be used to snoop on the video feed of the user. To do this, all a user would have to do is press the power button while on the lock screen, which also would send their video to the caller. According to BuzzFeedNews, pressing volume down did similar. While the underlying cause wasn’t specified, security researchers think that bad logic coding of the group FaceTime processes could be the problem.
After this news broke, it was discovered that a 14 year old boy found this flaw over a week prior to the news article, while playing Fortnite with his friends. The boy stumbled upon the bug on January 19, while trying to initiate a group FaceTime call. His mother reported this problem to Apple through a series of posts and emails, but to no avail. It appears Apple knew or should have known about the problem for a week before actually getting around to fixing it. While they did respond to one of her reports on January 23, it was not clear to the mother that they were fixing it.
Apple disabled the group FaceTime feature on January 29, and it has since been listed as temporarily unavailable on their system status page. Before that disabled the feature altogether, the best option was just to disable FaceTime in the iOS settings.
Apple is now experiencing legal concerns related to this bug. They have been sued by a Houston based lawyer, who claims someone eavesdropped on a conversation. New York Attorney General Letitia James has also initiated a formal investigation into the bug.
A software patch will be made available to users this week in iOS 12.1.4, and to update, simply go to your settings app, general, and software update.
Facebook Loves Your Data
Facebook isn’t out of the security headlines yet… no surprise. Facebook uses an Apple program called the Developer Enterprise Program to create and manage apps that aren’t found in the Apple App Store, but are available for download. This is usually used by companies to create internal apps used for internal capabilities. Facebook used the Developer Enterprise Program to create and distribute an application to the masses that allows them to obtain user data while paying that user $20 a month. Since Apple has pretty strict privacy rules for their App Store, this is a loophole that Facebook was able to take advantage of to track users data. The “Facebook Research” app used Root Certificates to collect data on users. This could be browsing history, time spend on apps or sites, purchases made, private messages, location data, and network data just to name a few. Since Facebook Research also enabled their own VPN network, this also gave them the ability to view anything that would normally be kept private under a VPN service.
Since this is in violation of Apple’s guidelines, Apple revoked Facebook’s enterprise certificates, which also broke some of Facebook’s internal team apps. Beta versions of apps like Instagram, Messenger, and the Facebook app would also stop working, since those were all part of the enterprise program. After some time, Apple restored Facebook’s access to the Enterprise Program. Your version of the social media apps if downloaded from the App Store, are not affected.
With Facebook came similar news from Google. Google’s Screenwise Meter app was also available in this format that allowed them to analyze and monitor user data. Google removed their application from download, and made a statement regarding the iOS app saying that it was a mistake.
I've been working on The Snubs Report every week as an after-hours hobby platform. This show is giving me the ability to fine-tune my own vlogging and learn more editing skills. Since I've started The Snubs Report, I've gotten better at editing video and photos with Adobe Premiere, Lightroom, and Photoshop. I'm also learning a lot about analytics and what kind of videos you want to see.
So, what do you want to see me talk about on The Snubs Report? Anything in particular? Let me know via my social networks, or comment below!
This past month has been extremely busy! Luckily, though, I'm loving each and every minute of it. I recently got the open position as the new producer of Before You Buy on TWiT.TV and I'm up in Petaluma part time managing that new role. This is an exciting opportunity to work with a new group of core tech enthusiasts and grow my own career as a journalist and entertainer. When I'm up at the TWiT headquarters, I'll be wrangling gadgets for the show, guest hosting when asked, reviewing products every week, and producing the show. It sounds like a lot, but it's very fun and manageable with my organization skills.
A few folks have asked me if I was leaving Hak5 when I started producing BYB, and I'm still hosting the show just like normal. Now, I'm hosting/ producing Hak5, HakTip, Before You Buy, Bite Club Show, and (soon!) Threat Wire. So even though I'm starting new endeavors I'm still sticking to my roots with Hak5 and learning as much as I can about the world of security. We have plenty to look forward to in the next year, and I'm actually excited to go to work during the week. :)
This week we are checking out more expansion commands with nesting and parameters.
This time on HakTip, Shannon covers the echo command and its various uses.
This week on Haktip, we are checking out pipelines and their abilities in the terminal.
Every week, I learn something new about the Linux Terminal. And every week I'll share it with you!
This time on the show we're tunneling our traffic through multiple servers with proxychains. Plus, safe password keeping and Active Directory authentication for Linux. All that and more this time on Hak5.
This time on the show, using One-Time-Passwords in Linux for SSH authentication. We cover the theory and set up our server with a Yubikey. Plus, relay'ing without GatewayPorts, easily edit Known_Hosts, Free SSHFS in Windows and a ton more, this time on Hak5!
Continuing with SOCKS5, SSH, Public Key Pairs and fingerprints, Darren and Shannon use SSH to create a secure remotely mounted network filesystem with implementations in both Windows and Linux.
This time on Hak5, we begin a special series on proxies. Caching, filtering, security or anonymity -- whatever your reasons may be, Darren and I are exploring the ins and outs of this great technology from the ground up. All that and more!