January 23, 2026 β’ 17 mins
π¨ Tech Friday Recap π¨
This week’s Tech Friday radio segment tackled some serious tech and security issues that affect all of us. π»π
First, we looked at how Ohio lawmakers are pushing to crack down on AI deepfakes π€βοΈ—a growing threat to elections, reputations, and public trust. As the technology gets better, the risks get bigger.
Next, we discussed a major warning: hundreds of millions of audio devices need urgent security patches π§π‘ to prevent wireless hacking and tracking. If you use Bluetooth speakers, headphones, or smart audio gear, this one matters.
Finally, we covered Cisco’s report that Chinese hackers are targeting “high-value” North American critical infrastructure β‘π—a reminder that cyber threats aren’t theoretical, they’re happening now.
Stay informed. Stay updated. Stay secure. ππ‘οΈ
#TechFriday #CyberSecurity #AIDeepfakes #OhioPolitics #Hacking #WirelessSecurity #CriticalInfrastructure #CyberThreats #TechNews #DigitalSafety
See omnystudio.com/listener for privacy information.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
As the talk station.
Speaker 2 (00:03):
One FIFTU about RCD Talks Station. Brian Thomas right here
always looking forward to this moment in time. During the
fifty five KRSC Morning Show, because it's time for Tech Friday,
brought to you sponsored by a great company, asked the
business courier, who's the best in the business in terms
of dealing with businesses computer needs and get the amount of troubles.
It's in trust it that is Dave Hatter's company, interesst
dot com is where you find them online. Welcome back,
(00:24):
Dave Hatter. And your name came up like eight times
yesterday talking to my mom having more struggles with apps.
Mom thinks apps for the answer, and I just said, listen,
just start for the proposition you are at a technological disadvantage.
You don't understand the tech. And then couple with the
fact that there is a giant cluster of either criminals
or nefarious types out there that want to try to
(00:45):
exploit you one way or another, either by stealing your
money or getting your data. That's what apps help them do.
Don't do it, I mean, just don't do it.
Speaker 1 (00:55):
It's a simple default role.
Speaker 2 (00:57):
I said, unless you can come up with enough pro
for downloading the app that negate those two starting points,
then it's probably not worth it.
Speaker 3 (01:07):
Well, first off, are's always thanks for having me on
and the secondarily, you know, I agree with your basic premise.
You know, I tell people this all the time, despite
thirty years in tech, more than twenty five years as
a programmer building software apps. If you will, I have
the minimum number of apps on my phone. I have
an Apple phone. Apple tends to be more privacy and
(01:28):
security friendly than Android, but they're not without their flaws, folks. Okay,
it's just it's a question of can I get into
a more privacy and security friendly situation, and that's primarily
driven by their business model. You know, Apple sells hardware
and software. Google basically buys and sells your data. As
a matter of fact, just to segue, while I was
(01:49):
loading something up to get ready for this, I mean
Google to pay eight point twenty five million dollars to
settle lawsuit alleging children's privacy violations. There's just a headline
for you I happen to see. So back to my phone,
I have the apps that came on my Apple phone,
and I've probably installed may be six apps that did
not come on the phone. Most of them are related
(02:10):
to my job, and I have things like LinkedIn which
I use on a regular basis primarily related to my
job as well. So yes, less apps better generally speaking
for most people, especially if you're not real privacy and
tech savvy.
Speaker 2 (02:26):
So than thank you very much. Mom, I told you,
and I knew Dave you doubled down on that. I'm
just trying to keep her out of trouble, that's all.
And you know, there's always another source for information out
there that doesn't involve loading your phone up with something
like a simple Internet search like what's Cincinnati weather going
to be like over the next several days? Anyway, Artificial
intelligence crazy stuff we use chat GPT. This morning, I
(02:47):
had Joe churn out a country music song about a
guy with a naked guy with a harp that was
from the stack of stupid. In about two seconds, he
had a three minute song, four versus and a chorus.
It was hilarious. He's going to post it on the
Morning show page. But we have deep fakes form of
explicit content. They're using these AI programs to create pornography,
sometimes involving children. You know how lawmakers apparently want to
(03:07):
do something about it, Davis, can they.
Speaker 3 (03:10):
Well that's a really good question, thank you. So deep
deep when it comes to AI, you and I have
been talking about deep fakes for a long long time now,
because it was really one of the first places where
you could see significant potential problems coming from this technology. Right,
deep fakes have been around for a long time. It's
the idea that I can create a photo, I can
create a video, I can create an audio some combination
(03:32):
of all of the above that increasingly looks unbelievably real
or sounds unbelievably realistic. Right. So, again, this concept is
not new, but as the technology gets better and better
and better and again, to kind of segue off into
a different, different article here, Whired Dredda ran a story
recently Google and open AI's chatbots can strip women in
(03:53):
photos down to their bikinis. So kind of related, right, yeah,
because a deep fake can be I just want to
edit one thing and existing photo to you know, change
its context, change its meaning. Like this WCPO story where
they show Ohio State Representative Adam Matthews, who's apparently a Republican,
standing near a sign that says jd Vance and then
(04:13):
AI was manipulated us. It was used to manipulate that photo.
And I mean, honestly, looking at the photo, you know
now he's standing next to a Harris sign. I don't
There's no way I would be able to tell the
difference between these two photos just looking at it.
Speaker 2 (04:29):
Right, About how lawmakers come up with legislation that's going
to allow them to determine what's real and what's not.
Speaker 3 (04:34):
Well, I don't know, Brian, that's a really good question.
I mean, theoretically, you could say that you have to
put some kind of watermark in something if you use
AI on it. But here's the thing. Bad people, especially
bad people, bad actors offshore in other countries that want
to sow chaos and dissension in this country aren't going
(04:55):
to follow those laws. You know. Could you pass a
law that says you could be penalized for this. Could
you pass the law that tries to hold these companies responsible.
I mean, you get into the same kind of situation,
you know, with it's a little different because let's just say, Facebook, TikTok,
whatever isn't creating certain content necessarily, it's allowing people to
(05:16):
post it. Whereas whereas these tools are actually creating things
from whole cloth. But offhand, I'm not really sure. Again,
other than requiring some kind of disclaimer water mark something
that would say this came from some AI platform, I
(05:36):
don't really know how you would do that.
Speaker 2 (05:38):
Yeah, well, I think we've reached that moment in time
We've been talking about day where you know, you're not
going to believe your own eyes anymore. You can't believe
eyes done.
Speaker 3 (05:46):
We're past that. Yeah, that those days are over. I
mean you can't assume that anything you see or hear
at this point hasn't either been altered or created entirely
by AI. And the technology gets better.
Speaker 2 (05:58):
Well, much in the same way you can't control some
idiot from putting a headline on a newspaper saying that
ice detained a five year old boy in an ice
raid when that never even happened. You know, people are
gonna make stuff up, and they're gonna do it for
their own political interest, nefarious or political, or whatever other
reason they've got. And just start not believing what you
see and quit taking everything for granted that it's real.
(06:19):
We'll bring Dave Hatter back. Hundreds of millions of audio
devices need a pat six about KRC de talk station
Brian Thomas with intrust it dot COM's Dave Hatter. Nice figure,
Dave Hatter. Joe Striker put up the link for this
discussion on the blog pagment Do you have KRC dot com?
Speaker 1 (06:37):
That's that? That is your figure, isn't it?
Speaker 3 (06:43):
Are we talking about the photo of me? I haven't
looked at your blog this year?
Speaker 2 (06:47):
Yeah?
Speaker 3 (06:47):
I know.
Speaker 2 (06:48):
Now I'm just taking you on my listening audience. That
actually is a real picture of Dave Hatter. You can
tell Edie.
Speaker 3 (06:57):
I can't wait to see it. Hold it up here
while we're chatting.
Speaker 1 (07:01):
Yeah.
Speaker 2 (07:02):
Also, try to generate traffic over the fifty five KRC
dot com page so they check you out and then
can hear what you have to say.
Speaker 1 (07:08):
Anyhow, sorry to take you down that road.
Speaker 2 (07:10):
Hundreds of millions of audio devices apparently need a patch.
What's this one all about? Is this kind of like
a Bluetooth thing?
Speaker 3 (07:16):
Yes? It is, and really it gets back to the
point though to some extent you made about your mom.
One of the reasons why the less apps you have,
the less so called smart devices you have, is the
less risk you have by exposure through these kinds of flaws. Okay, So,
just as a reminder, folks, an app is nothing but software.
A so called smart device has software in it. You know,
(07:38):
you've heard me, and if you pay any attention to
this sector at all, people like me talk about patching
your software over and over and over, right, the patch
Tuesday for Microsoft, all these sort of things. Right, if
something has software in it, your car, your doorbell, your refrigerator,
your thermostat, whatever, guaranteed, because human beings wrote that software,
(07:59):
it will have bugs, will have flaws that allow bad
guys to potentially exploit the software to attack the device
and then potentially other devices. So again, the less of
this stuff you have, the less exposure you have to
this kind of risk. So in this case, apparently Google, Now,
as you know, Brian, I generally try to avoid things
from Google, so this isn't really a problem for me.
(08:21):
But apparently they created something called fast pair, which is
a protocol to allow you to basically with one tap
connect to you or Bluetooth devices to Android devices, Chrome books,
that sort of thing. Okay, So, and this is the
biggest part of this problem in my mind. So much
of these things do make your life easier and more
(08:42):
convenient to a point, right as you and I discuss.
I mean, I've been on this earth for fifty plus years.
Most of it I didn't have any of this stuff,
and I've done just fine. So I understand the wow
factor of some of this stuff. I understand the convenience
factor of some of this stuff. And again, you know
I want to have to go through fifteen steps to
hook up my wireless headphones. No, if I can just
(09:04):
press one button. But pressing the one button requires more software,
more software because it's more guarantees, more bugs, more flaws,
more patching, etc. And So my bigger point of all
of this is again your ring doorbell, your nest thermostat
all of these things have software in them. If you
don't know how to configure it correctly, if you don't
(09:25):
know how to update it, and probably of equal importance,
when they stop putting out updates for it because they've
moved on to a new product, there's risk for you.
So this particular case again Google fast Pair. There are
millions of devices out there that use this, and apparently
there's a fairly significant flaw. Numerous outlets have written about this.
(09:46):
So let me just to start the fast pair process.
A seeker phone sends a message to the provider and
accessory indicating it wants to pair. The fast pair specification
states that the accessory is not in pairing mode, it
should disregard the message. Some devices fail to check this,
allowing on authoriss devices to start the pairing process. After
receiving reply, an attacker can finish the fast pair procedure,
(10:08):
establishing a regular Bluetooth pairing Now, is this the greatest
thing in the world or the greatest flaw in the world.
Is a hacker going to be able to sit down
the street from you and potentially attack your devices, get
to your computer, get into your work environment or your bank,
and steal all your money. Probably not, because Bluetooth has
a real You have to be fairly close for a
Bluetooth device to work. In most cases it's around thirty
(10:30):
three feet, maybe a little longer, depends on all kinds
of environmental conditions. The big thing for me, though, is
this is just another example that shows you. Do you
think the average person even knows this is a flaw,
And if they do, do you think they know their
devices might have it? And even if they do, do
you think they know how to fix it or will
the device even support fixing it. And the longer you
(10:52):
go without fixing a flaw in your devices, whatever that
might be, the more exposure you have because more bad
actors will learn about the flaw, and depending on what
it is and how it can be accessed, it creates
risk for you and your family, your business, your work, etc.
So if you have Google devices, I suggest you look
(11:13):
into this. It would be good to patch these flaws.
But again, in many cases this is some sort of
third party headphones or something. It's a tricky one, but
it gets to the heart of what I keep trying
to tell people all the time. All of this stuff
does not but it does not favor the consumer right.
It's speed to market, market share, ease of use. The
(11:35):
stuff goes out of life soon, meaning it doesn't get
updates from the vendor. You don't know how to set
it up right, you don't know how to keep it updated,
you don't know when it goes into life. The less
of this stuff you have until the business model changes,
the better off you will be. And this is just
yet another of dozens and dozens and dozens of these examples.
Why the less so called smart devices apps et cetera.
(11:58):
You have the better off.
Speaker 2 (11:58):
You are, Amen, underscore in bold underline, Tell your friends
and neighbors six forty seven. Right now one more with
intrust its Dave Hatter. Now we can hear from corner
sixty two fifty five KERCIT talkstation Brian Thomas with Dave Hatter.
Interest It dot com is where you find him, and
also on LinkedIn. You go to LinkedIn dot com just
search for Dave Hatter. He has all the articles that
(12:19):
he talks about during this segment of the program, and
that's some It's a worthy endeavor to stay up with
him throughout the week as well. Chinese hackers again at
Chinese Communist Party up to no Good again, Dave Hatter, Yeah.
Speaker 3 (12:31):
I know this is a chocker, Brian. And also, you know,
all this stuff we talk about on here, I'm sharing
on X two if X is easier for people, but
you know, I'm trying to throughout them week put out
as much information about this stuff that I think will
be helpful for people, to help people understand the risks
and hopefully make smarter decisions. Because at the end of
the day, Brian, if you make a risk informed decision,
(12:53):
you understand what you're signing up for with all this stuff.
You read the terms of service, the privacy policy, all
of which, as you know, will be eighty page legal
mumbo jumbo confuse opoly, and you decide to proceed. Well,
you're an adult, okay, have at it exactly right. But
my issue was all of this stuff at the end
of the day really is again it does not favor
the consumer, as I mentioned in the last segment, and
(13:16):
most people don't really understand the risk, both the cybersecurity
risk or the privacy risk of this stuff. So with
all of that said, yeah, here we are again. Probably
in the last five or six years, you and I
have discussed this pretty much relentlessly because it just keeps
hitting the news. Right, So headline Chinese hackers targeting high
value North American critical infrastructure, Cisco says for people who
(13:38):
don't know, you know, Cisco is one of the largest
and oldest major tech companies out there. They make a
lot of the equipment that powers the Internet and the
networking infrastructure that makes this work, switches, routers, et cetera.
So you know this are these are people that know
what they're talking about. Is my point. Again. Cisco has
been around for a long time, and you know, in
(13:59):
the business from an enterprise grade professional standpoint, they're you know,
one of the vendors chosen most often by people. So
we've heard DHS warn't about this, we'd we've heard FBI
warn't about this, we've heard scission worn about this. Sciss
of the Cybersecurity and Infrastructure Security Agency, part of DHS.
(14:22):
I have been trying to explain to people for a
long time. When the Internet was originally designed back in
the late sixties and early seventies, right, the underlying protocols,
the technologies that make it work were not designed with
security in mind. Right, they were disclad they could make
it work at all. Over time, as it's expanded and
people have loaded more and more stuff on the Internet,
(14:43):
and now we basically live in this digital world, all
powered by the technology that drives the Internet. I mean,
you don't even really hear people talk about the internet
first say anymore. And internet really just means internetwork, right,
A network connected to another network connected to another network.
That's really all it is. All these different networks that
are connected. They all use the same protocols or rules
(15:03):
to talk to each other, and all of that stuff
again was designed back at a time when security was
not a concern. So you know, fast forward to now
you've got all this mission critical stuff. Our entile society
runs off of this. And while you can apply security
to this, typically you're trying to retro fit it in.
It's creating friction, It creates costs that causes problems. Right,
(15:26):
So you've got a situation too, where as you stack
more and more stuff on this going back to the
point I made before, more and more software, more and
more flaws, it creates opportunities for people that really understand
how this stuff works to try to exploit these flaws,
to try to exploit the inherent vulnerabilities in this stuff
(15:47):
if it's not hatched and it's not set up correctly. Right,
And this is just another example. So here from this article,
Chinese hackers successfully breached multiple critical infrastructure organizations in North
America over the last year. You're using a combination of
compromised credentials and exploitable servers. Researchers at Cisco Talos foun
Tellos is their security focus group. They research this stuff,
(16:09):
they look for flaws, they try to help other vendors
fix these problems. Now there's two key points there. Exploitable servers.
That's the it's not patched, it doesn't have the latest updates,
it's not set up correctly, it has an inherent flaw
that can't be patched because it's too old and it
needs to be replaced. But compromise credentials. This gets back
to people use bad passwords. They use the same bad
(16:33):
passwords across multiple systems. They don't use multi factor authentication
or other technologies that can make it more difficult to
log in, hence account takeover attacks. So even though I
talk about this stuff calin blue in the face, you know,
you see these examples out in the real world. Now,
is it bad, Brian? If hackers do an account takeover
(16:54):
because you have a bad password and know MFA, get
into your company email and eventually steal all your money
and put you out of business, Yeah, that's pretty bad.
But is it Is it even worse when they can
get into the electrical grid or the water systems, or
let's say, uh, you know, some railroads somewhere and cause
a train full of chlorine gas to derail. Yeah, that's
(17:16):
a lot worse.
Speaker 2 (17:16):
We call that a rhetorical question. Dave we're out of time,
my friend. You want to sum it up the critical
infrastructure critically.
Speaker 3 (17:21):
We gotta fix it, Brian gott to fix.
Speaker 2 (17:23):
It priority number one for all elected officials from local
to federal. That's the bottom line. Yes, Dave had our
intrust it dot com. Where you find him and his
crew for your business computer needs. Find him at LinkedIn
dot com and follow him on x get all the
articles and documents, and tune in every Friday at six
point thirty for h well some sound advice. Dave, Thank
you very much, have a great weekend, stay safe, and
(17:45):
we'll look forward to next Friday again. Coming up Corey
Bowman with well stuff and
As the talk station.
Speaker 2 (00:03):
One FIFTU about RCD Talks Station. Brian Thomas right here
always looking forward to this moment in time. During the
fifty five KRSC Morning Show, because it's time for Tech Friday,
brought to you sponsored by a great company, asked the
business courier, who's the best in the business in terms
of dealing with businesses computer needs and get the amount of troubles.
It's in trust it that is Dave Hatter's company, interesst
dot com is where you find them online. Welcome back,
(00:24):
Dave Hatter. And your name came up like eight times
yesterday talking to my mom having more struggles with apps.
Mom thinks apps for the answer, and I just said, listen,
just start for the proposition you are at a technological disadvantage.
You don't understand the tech. And then couple with the
fact that there is a giant cluster of either criminals
or nefarious types out there that want to try to
(00:45):
exploit you one way or another, either by stealing your
money or getting your data. That's what apps help them do.
Don't do it, I mean, just don't do it.
Speaker 1 (00:55):
It's a simple default role.
Speaker 2 (00:57):
I said, unless you can come up with enough pro
for downloading the app that negate those two starting points,
then it's probably not worth it.
Speaker 3 (01:07):
Well, first off, are's always thanks for having me on
and the secondarily, you know, I agree with your basic premise.
You know, I tell people this all the time, despite
thirty years in tech, more than twenty five years as
a programmer building software apps. If you will, I have
the minimum number of apps on my phone. I have
an Apple phone. Apple tends to be more privacy and
(01:28):
security friendly than Android, but they're not without their flaws, folks. Okay,
it's just it's a question of can I get into
a more privacy and security friendly situation, and that's primarily
driven by their business model. You know, Apple sells hardware
and software. Google basically buys and sells your data. As
a matter of fact, just to segue, while I was
(01:49):
loading something up to get ready for this, I mean
Google to pay eight point twenty five million dollars to
settle lawsuit alleging children's privacy violations. There's just a headline
for you I happen to see. So back to my phone,
I have the apps that came on my Apple phone,
and I've probably installed may be six apps that did
not come on the phone. Most of them are related
(02:10):
to my job, and I have things like LinkedIn which
I use on a regular basis primarily related to my
job as well. So yes, less apps better generally speaking
for most people, especially if you're not real privacy and
tech savvy.
Speaker 2 (02:26):
So than thank you very much. Mom, I told you,
and I knew Dave you doubled down on that. I'm
just trying to keep her out of trouble, that's all.
And you know, there's always another source for information out
there that doesn't involve loading your phone up with something
like a simple Internet search like what's Cincinnati weather going
to be like over the next several days? Anyway, Artificial
intelligence crazy stuff we use chat GPT. This morning, I
(02:47):
had Joe churn out a country music song about a
guy with a naked guy with a harp that was
from the stack of stupid. In about two seconds, he
had a three minute song, four versus and a chorus.
It was hilarious. He's going to post it on the
Morning show page. But we have deep fakes form of
explicit content. They're using these AI programs to create pornography,
sometimes involving children. You know how lawmakers apparently want to
(03:07):
do something about it, Davis, can they.
Speaker 3 (03:10):
Well that's a really good question, thank you. So deep
deep when it comes to AI, you and I have
been talking about deep fakes for a long long time now,
because it was really one of the first places where
you could see significant potential problems coming from this technology. Right,
deep fakes have been around for a long time. It's
the idea that I can create a photo, I can
create a video, I can create an audio some combination
(03:32):
of all of the above that increasingly looks unbelievably real
or sounds unbelievably realistic. Right. So, again, this concept is
not new, but as the technology gets better and better
and better and again, to kind of segue off into
a different, different article here, Whired Dredda ran a story
recently Google and open AI's chatbots can strip women in
(03:53):
photos down to their bikinis. So kind of related, right, yeah,
because a deep fake can be I just want to
edit one thing and existing photo to you know, change
its context, change its meaning. Like this WCPO story where
they show Ohio State Representative Adam Matthews, who's apparently a Republican,
standing near a sign that says jd Vance and then
(04:13):
AI was manipulated us. It was used to manipulate that photo.
And I mean, honestly, looking at the photo, you know
now he's standing next to a Harris sign. I don't
There's no way I would be able to tell the
difference between these two photos just looking at it.
Speaker 2 (04:29):
Right, About how lawmakers come up with legislation that's going
to allow them to determine what's real and what's not.
Speaker 3 (04:34):
Well, I don't know, Brian, that's a really good question.
I mean, theoretically, you could say that you have to
put some kind of watermark in something if you use
AI on it. But here's the thing. Bad people, especially
bad people, bad actors offshore in other countries that want
to sow chaos and dissension in this country aren't going
(04:55):
to follow those laws. You know. Could you pass a
law that says you could be penalized for this. Could
you pass the law that tries to hold these companies responsible.
I mean, you get into the same kind of situation,
you know, with it's a little different because let's just say, Facebook, TikTok,
whatever isn't creating certain content necessarily, it's allowing people to
(05:16):
post it. Whereas whereas these tools are actually creating things
from whole cloth. But offhand, I'm not really sure. Again,
other than requiring some kind of disclaimer water mark something
that would say this came from some AI platform, I
(05:36):
don't really know how you would do that.
Speaker 2 (05:38):
Yeah, well, I think we've reached that moment in time
We've been talking about day where you know, you're not
going to believe your own eyes anymore. You can't believe
eyes done.
Speaker 3 (05:46):
We're past that. Yeah, that those days are over. I
mean you can't assume that anything you see or hear
at this point hasn't either been altered or created entirely
by AI. And the technology gets better.
Speaker 2 (05:58):
Well, much in the same way you can't control some
idiot from putting a headline on a newspaper saying that
ice detained a five year old boy in an ice
raid when that never even happened. You know, people are
gonna make stuff up, and they're gonna do it for
their own political interest, nefarious or political, or whatever other
reason they've got. And just start not believing what you
see and quit taking everything for granted that it's real.
(06:19):
We'll bring Dave Hatter back. Hundreds of millions of audio
devices need a pat six about KRC de talk station
Brian Thomas with intrust it dot COM's Dave Hatter. Nice figure,
Dave Hatter. Joe Striker put up the link for this
discussion on the blog pagment Do you have KRC dot com?
Speaker 1 (06:37):
That's that? That is your figure, isn't it?
Speaker 3 (06:43):
Are we talking about the photo of me? I haven't
looked at your blog this year?
Speaker 2 (06:47):
Yeah?
Speaker 3 (06:47):
I know.
Speaker 2 (06:48):
Now I'm just taking you on my listening audience. That
actually is a real picture of Dave Hatter. You can
tell Edie.
Speaker 3 (06:57):
I can't wait to see it. Hold it up here
while we're chatting.
Speaker 1 (07:01):
Yeah.
Speaker 2 (07:02):
Also, try to generate traffic over the fifty five KRC
dot com page so they check you out and then
can hear what you have to say.
Speaker 1 (07:08):
Anyhow, sorry to take you down that road.
Speaker 2 (07:10):
Hundreds of millions of audio devices apparently need a patch.
What's this one all about? Is this kind of like
a Bluetooth thing?
Speaker 3 (07:16):
Yes? It is, and really it gets back to the
point though to some extent you made about your mom.
One of the reasons why the less apps you have,
the less so called smart devices you have, is the
less risk you have by exposure through these kinds of flaws. Okay, So,
just as a reminder, folks, an app is nothing but software.
A so called smart device has software in it. You know,
(07:38):
you've heard me, and if you pay any attention to
this sector at all, people like me talk about patching
your software over and over and over, right, the patch
Tuesday for Microsoft, all these sort of things. Right, if
something has software in it, your car, your doorbell, your refrigerator,
your thermostat, whatever, guaranteed, because human beings wrote that software,
(07:59):
it will have bugs, will have flaws that allow bad
guys to potentially exploit the software to attack the device
and then potentially other devices. So again, the less of
this stuff you have, the less exposure you have to
this kind of risk. So in this case, apparently Google, Now,
as you know, Brian, I generally try to avoid things
from Google, so this isn't really a problem for me.
(08:21):
But apparently they created something called fast pair, which is
a protocol to allow you to basically with one tap
connect to you or Bluetooth devices to Android devices, Chrome books,
that sort of thing. Okay, So, and this is the
biggest part of this problem in my mind. So much
of these things do make your life easier and more
(08:42):
convenient to a point, right as you and I discuss.
I mean, I've been on this earth for fifty plus years.
Most of it I didn't have any of this stuff,
and I've done just fine. So I understand the wow
factor of some of this stuff. I understand the convenience
factor of some of this stuff. And again, you know
I want to have to go through fifteen steps to
hook up my wireless headphones. No, if I can just
(09:04):
press one button. But pressing the one button requires more software,
more software because it's more guarantees, more bugs, more flaws,
more patching, etc. And So my bigger point of all
of this is again your ring doorbell, your nest thermostat
all of these things have software in them. If you
don't know how to configure it correctly, if you don't
(09:25):
know how to update it, and probably of equal importance,
when they stop putting out updates for it because they've
moved on to a new product, there's risk for you.
So this particular case again Google fast Pair. There are
millions of devices out there that use this, and apparently
there's a fairly significant flaw. Numerous outlets have written about this.
(09:46):
So let me just to start the fast pair process.
A seeker phone sends a message to the provider and
accessory indicating it wants to pair. The fast pair specification
states that the accessory is not in pairing mode, it
should disregard the message. Some devices fail to check this,
allowing on authoriss devices to start the pairing process. After
receiving reply, an attacker can finish the fast pair procedure,
(10:08):
establishing a regular Bluetooth pairing Now, is this the greatest
thing in the world or the greatest flaw in the world.
Is a hacker going to be able to sit down
the street from you and potentially attack your devices, get
to your computer, get into your work environment or your bank,
and steal all your money. Probably not, because Bluetooth has
a real You have to be fairly close for a
Bluetooth device to work. In most cases it's around thirty
(10:30):
three feet, maybe a little longer, depends on all kinds
of environmental conditions. The big thing for me, though, is
this is just another example that shows you. Do you
think the average person even knows this is a flaw,
And if they do, do you think they know their
devices might have it? And even if they do, do
you think they know how to fix it or will
the device even support fixing it. And the longer you
(10:52):
go without fixing a flaw in your devices, whatever that
might be, the more exposure you have because more bad
actors will learn about the flaw, and depending on what
it is and how it can be accessed, it creates
risk for you and your family, your business, your work, etc.
So if you have Google devices, I suggest you look
(11:13):
into this. It would be good to patch these flaws.
But again, in many cases this is some sort of
third party headphones or something. It's a tricky one, but
it gets to the heart of what I keep trying
to tell people all the time. All of this stuff
does not but it does not favor the consumer right.
It's speed to market, market share, ease of use. The
(11:35):
stuff goes out of life soon, meaning it doesn't get
updates from the vendor. You don't know how to set
it up right, you don't know how to keep it updated,
you don't know when it goes into life. The less
of this stuff you have until the business model changes,
the better off you will be. And this is just
yet another of dozens and dozens and dozens of these examples.
Why the less so called smart devices apps et cetera.
(11:58):
You have the better off.
Speaker 2 (11:58):
You are, Amen, underscore in bold underline, Tell your friends
and neighbors six forty seven. Right now one more with
intrust its Dave Hatter. Now we can hear from corner
sixty two fifty five KERCIT talkstation Brian Thomas with Dave Hatter.
Interest It dot com is where you find him, and
also on LinkedIn. You go to LinkedIn dot com just
search for Dave Hatter. He has all the articles that
(12:19):
he talks about during this segment of the program, and
that's some It's a worthy endeavor to stay up with
him throughout the week as well. Chinese hackers again at
Chinese Communist Party up to no Good again, Dave Hatter, Yeah.
Speaker 3 (12:31):
I know this is a chocker, Brian. And also, you know,
all this stuff we talk about on here, I'm sharing
on X two if X is easier for people, but
you know, I'm trying to throughout them week put out
as much information about this stuff that I think will
be helpful for people, to help people understand the risks
and hopefully make smarter decisions. Because at the end of
the day, Brian, if you make a risk informed decision,
(12:53):
you understand what you're signing up for with all this stuff.
You read the terms of service, the privacy policy, all
of which, as you know, will be eighty page legal
mumbo jumbo confuse opoly, and you decide to proceed. Well,
you're an adult, okay, have at it exactly right. But
my issue was all of this stuff at the end
of the day really is again it does not favor
the consumer, as I mentioned in the last segment, and
(13:16):
most people don't really understand the risk, both the cybersecurity
risk or the privacy risk of this stuff. So with
all of that said, yeah, here we are again. Probably
in the last five or six years, you and I
have discussed this pretty much relentlessly because it just keeps
hitting the news. Right, So headline Chinese hackers targeting high
value North American critical infrastructure, Cisco says for people who
(13:38):
don't know, you know, Cisco is one of the largest
and oldest major tech companies out there. They make a
lot of the equipment that powers the Internet and the
networking infrastructure that makes this work, switches, routers, et cetera.
So you know this are these are people that know
what they're talking about. Is my point. Again. Cisco has
been around for a long time, and you know, in
(13:59):
the business from an enterprise grade professional standpoint, they're you know,
one of the vendors chosen most often by people. So
we've heard DHS warn't about this, we'd we've heard FBI
warn't about this, we've heard scission worn about this. Sciss
of the Cybersecurity and Infrastructure Security Agency, part of DHS.
(14:22):
I have been trying to explain to people for a
long time. When the Internet was originally designed back in
the late sixties and early seventies, right, the underlying protocols,
the technologies that make it work were not designed with
security in mind. Right, they were disclad they could make
it work at all. Over time, as it's expanded and
people have loaded more and more stuff on the Internet,
(14:43):
and now we basically live in this digital world, all
powered by the technology that drives the Internet. I mean,
you don't even really hear people talk about the internet
first say anymore. And internet really just means internetwork, right,
A network connected to another network connected to another network.
That's really all it is. All these different networks that
are connected. They all use the same protocols or rules
(15:03):
to talk to each other, and all of that stuff
again was designed back at a time when security was
not a concern. So you know, fast forward to now
you've got all this mission critical stuff. Our entile society
runs off of this. And while you can apply security
to this, typically you're trying to retro fit it in.
It's creating friction, It creates costs that causes problems. Right,
(15:26):
So you've got a situation too, where as you stack
more and more stuff on this going back to the
point I made before, more and more software, more and
more flaws, it creates opportunities for people that really understand
how this stuff works to try to exploit these flaws,
to try to exploit the inherent vulnerabilities in this stuff
(15:47):
if it's not hatched and it's not set up correctly. Right,
And this is just another example. So here from this article,
Chinese hackers successfully breached multiple critical infrastructure organizations in North
America over the last year. You're using a combination of
compromised credentials and exploitable servers. Researchers at Cisco Talos foun
Tellos is their security focus group. They research this stuff,
(16:09):
they look for flaws, they try to help other vendors
fix these problems. Now there's two key points there. Exploitable servers.
That's the it's not patched, it doesn't have the latest updates,
it's not set up correctly, it has an inherent flaw
that can't be patched because it's too old and it
needs to be replaced. But compromise credentials. This gets back
to people use bad passwords. They use the same bad
(16:33):
passwords across multiple systems. They don't use multi factor authentication
or other technologies that can make it more difficult to
log in, hence account takeover attacks. So even though I
talk about this stuff calin blue in the face, you know,
you see these examples out in the real world. Now,
is it bad, Brian? If hackers do an account takeover
(16:54):
because you have a bad password and know MFA, get
into your company email and eventually steal all your money
and put you out of business, Yeah, that's pretty bad.
But is it Is it even worse when they can
get into the electrical grid or the water systems, or
let's say, uh, you know, some railroads somewhere and cause
a train full of chlorine gas to derail. Yeah, that's
(17:16):
a lot worse.
Speaker 2 (17:16):
We call that a rhetorical question. Dave we're out of time,
my friend. You want to sum it up the critical
infrastructure critically.
Speaker 3 (17:21):
We gotta fix it, Brian gott to fix.
Speaker 2 (17:23):
It priority number one for all elected officials from local
to federal. That's the bottom line. Yes, Dave had our
intrust it dot com. Where you find him and his
crew for your business computer needs. Find him at LinkedIn
dot com and follow him on x get all the
articles and documents, and tune in every Friday at six
point thirty for h well some sound advice. Dave, Thank
you very much, have a great weekend, stay safe, and
(17:45):
we'll look forward to next Friday again. Coming up Corey
Bowman with well stuff and
Brian Thomas News
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
Business History
Itβs the history of business. How did Hitlerβs favorite car become synonymous with hippies? What got Thomas Edison tangled up with the electric chair? Did someone murder the guy who invented the movies? Former Planet Money hosts Jacob Goldstein and Robert Smith examine the surprising stories of businesses big and small and find out what you can learn from those who founded them.