|:00||TITLE:||Shannon Morse, TekThing/ThreatWire - Co-Host|
|Stories subject to change up until showtime|
|Daily Tech News Show is powered by, you. To find out more head to dailytechnewsshow.com/support|
|play the opening music here....|
|This is the Daily Tech News for Friday April 13th, 2018. From DTNS HQ in LA I'm Tom Merritt|
|From studio Feline I'm Sarah Lane|
|Spring has sprung finally in Cleveland! I'm Len Peralta|
|Producer Roger Chang|
|:31||TM||Let's start with a few tech things you should know...|
|play the news segue music here....|
|SL||Facebook's VP of global marketing solutions Carolyn Everson, told the Wall Street Journal she has not seen "wild changes in behavior" regarding privacy settings or account deletion. The company is not anticipating any revenue changes or drops in ad sales.||https://www.engadget.com/2018/04/13/facebook-users-aren-t-changing-privacy-settings/|
|TM||AMD announced its second-generation Ryzen chips will launch April 19 with pre-order opens now. There are two eight-core, 16-thread Ryzen 7 models, the $329 Ryzen 7 2700X and $299 Ryzen 7 2700. And there are two six-core, 12-thread Ryzen 5 chips, the $229 Ryzen 5 2600X, and the $100 Ryzen 5 2600 All four processors come with an AMD Wraith cooling unit free in the box.||https://www.anandtech.com/show/12642/amd-ryzen-2nd-gen-details-4-skus-reviews-19th|
|Let's talk a little more about...|
|:33||SM||Germany's Security Research Lab has discovered several Android phone makers have been skipping updates to the operating system and hiding it from end users. Affected users would see a message in settings the their operating system is up to date despite the most recent patches not being installed. Some manufacturers change the date on the file of the most recent patch on the devices to fool the OS into believing it is up to date. Other manufacturers skip updates and don't hide it. Of 1200 devices tested by SRL, only Google's own Pixel phones included all security patches.||http://www.businessinsider.com/android-phone-makers-caught-lying-about-security-updates-report-2018-4?r=UK&IR=T|
|:35||SL||The Verge has learned that Google's upcoming Gmail redesign will include a "Confiendtial Mode" that can restrict recipients from forwarding, copying, downloading or printing emails. Gmail will also supposedly let users require a passcode sent by SMS to the recipient in order to open an email, as well as set an expiration date, after which emails will be deleted. Google I/O starts May 8 which is the likely place to officially introduce a redesigned Gmail.||https://www.theverge.com/2018/4/13/17233504/gmail-design-confidential-mode-feature|
|:40||SM||A Moscow court granted the Russian communications regulator's request to order ISPs to block Telegram's service in Russia. Russia's FSB security service ordered Telegram to hand over encryption keys so it can read messages of suspected criminials and terrorists. Telegram declined saying it does not control user's keys. Telegram can appeal the decision within 30 days. Telegram founder Pavel Durov posted to VK.com that the company will be able to bypass blocks and continue to provide service.||http://www.bbc.com/news/technology-43752337|
|:42||SL||Comcast's latest Xfinity cable bundle option now includes Netflix. Netflix has been in Comcast's X1 bundle since 2016 and already available as a Comcast add-on, but now part of a standard package. Netflix streaming will still count against Comcast's 1TB data cap though. In a joint statement about the partnership, the companies said around 50 percent of X1 customers are "actively" using Netflix on the platform. Don't forget that a potential merger between HBO-owner Time Warner and AT&T might play into this too.||https://www.engadget.com/2018/04/13/comcast-netflix-cable-bundle/|
|topic reader||To get all the tech headlines each day in about 5 minutes subscribe to dailytechheadlines.com||http://dailytechheadlines.com/|
|play the news segue music here....|
|:45||Motherboard reports local police forces in the US as well as federal agencies have been using a device called GrayKey to unlock iPhones. The device costs $15,000 for a connected version and $30,000 for an offline model. Malwarebytes reported on the box in March and suspects it uses some sort of jailbreak to work. Locked phones are connected to the box for two minutes after which the phone can be disconnected while it unlocks. Phones take from hours to days to unlock depending on the length of the passcode.||https://motherboard.vice.com/en_us/article/vbxxxd/unlock-iphone-ios11-graykey-grayshift-police|
|Grayshift, Atlanta, Georgia, founded 2016 (50 employees)|
- late 2017 word about GrayKey circulated
|GrayKey unlocks encrypted phones by brute forcing their encryption [[twitter convo]]
"plug into any iOS device. Automatically unlocks device by systematically defeating every layer of protection employed. Controlled by simple web UI, no special training to operate"
Works up to iPhone X on iOS 11, includes older iOS's as well.
This works against passcodes - taking anywhere between 2 hours to 3 days for 6 digit passcodes.
|Likely technical aspects: Replaces iBoot with a tiny custom brute force program. The operator hooks it up to the device, then unhooks it while the modified boot firmware does its thing for a day or a few days, and then hooks it back up for exfilitration once the passcode has been defeated.
Once it is finished, the operator will have access to the full filesystem, as well as the users entire keychain
Notice the "lock status" field which in this example says "Before-First-Unlock." Thats a hint to the mechanism being used to defeat the passcode lockout/ slowdown feature.
|GrayShift is the sole distributor of this product.
Two versions: online option for $15k / 300 extractions. Requires internet connection for license (license is $15k, - the physical product costs $500). Geofence so it can only be used with one network [[can that network be spoofed??? - is it ethernet or wirless?]]
More expensive option is $30k, unlimited extractions, offline, token based 2fa for license authentication with the physical device. Both reflect a yearly pricing schedule. [[2fa... rolling random code I assume? i hope it's not just a one-off pin, like the IRS gives you]]
Way cheaper than Cellebrite $200k
Agencies that have either purchased or are receiving quotes: Secret Service, DEA, FBI
|iPhones encrypt by default now. All you need to do is set up a lock screen.|
Do iPhones need backdoors, since devices like this exist?
I argue against phone cracking devices because eventually, they end up on a bigger market.
Law enforcement could resell it? Device could be stolen, along with 2FA code? What is cheaper one is stolen before set up or the network could be spoofed? What if I stick a LAN tap on the networks line? What if it's geofencing based on IP? Then you could use a VPN so that outbound IP is always the same even if you change networks.
Can I reverse engineer this device? Is IT encrypted?
License cracking is a thing.
If phone of a suspected individual is jailbroken, does it stay jailbroken after received back from police?
What if YOU are suspected of something, even though you know full and well you're innocent. Is your phone screwed?
|tm||Thanks to all those who participate in our subreddit. Submit stories and vote on them at dailytechnewsshow.reddit.com and facebook.com/groups/dailytechnewsshow||http://dailytechnewsshow.reddit.com|
|tm||Let's check the mailbag Sarah|
|sl||Regarding the ban cash episode. One thing I think you guys are forgetting is the need for secret purchases so if you’re buying a gift for a special someone and you don’t want that activity record it in shared bank account cash is really ideal.|
|tm||Tom & Team,|
This article posted the same day you reported on the rare-earth recycling efforts. Although still years away from serving as a resource for these metals, it appears as though there may be other options going forward. If the report is accurate then it would seem that some of these metals aren’t so rare after all.
Enjoy the show tremendously, keep up the great work.
|A study published in Nature's Scientific Reports describes a deposit of hundreds of years worth of rare-earth oxides near Minamitorishima Island Japanese waters. The report says the find contains the equivalent of 780 years' worth of yttrium supply, 620 years of europium, 420 years of terbium and 730 years of dysprosium. China currently dominates the supply of the metals needed for electronics manufacturing.||https://www.cnbc.com/2018/04/12/japan-rare-earths-huge-deposit-of-metals-found-in-pacific.html|
|Check in with Len Peralta||lenperaltastore.com|
|:58||sl||Thanks to Shannon Morse||tekthing.com|
|Patron Thank You||http://www.dailytechnewsshow.com/support|
|tm||(Thank a boss, buy a mug, tell a friend)||http://patreon.com/dtns|
|And please peruse our fine selection of branded gear!||http://dailytechnewsshow.com/store/|
|Hi Tom and Sarah,|
I just pledged on Patreon at the co-executive producer level. I wanted to take a second and share my story and gratitude with you.
DTNS hit my radar after Tech Stuff gave multiple shoutouts. I've been hooked ever since.
I moved outside of the Twin Cities (MN) a few years ago, which resulted in an 80+ mile commute each day. DTNS gets me through my morning commute.
Every morning I hear the call to action to support the show. Spreading the DTNS gospel has been easy. I live for tech and I share relevant knowledge from the show with coworkers and friends. I have been promising myself that if my situation changed, I would support the show financially... and it finally did.
I started a technology consulting business on a part time basis a few months ago. After my first paying customer covered my start up costs, I now have some extra funds that I set aside for my patreon pledge. Finally being able to giving some value back feels very rewarding.
Thank you for sharing incredible daily content. You enrich my mind and morning 4:30 AM drive time. DTNS has helped motivate me to step out and pursue my passion. And for that I am grateful.
Bracing for a Spring blizzard in Minnesota,
|sl||Our email address is email@example.com! We're live M-F at 4:30 PM eastern/20:30 UTC find out more at dailytechnewsshow.com/live.||http://www.reddit.com/r/dailytechnewsshow/|
|tm||Plug Monday's guest: Lamarr Wilson|
|END OF SHOW|
|STOP Twitch Stream|