Google's Decision to Delay Disclosure of Four Vulnerabilities That Allow for the Internet to Baseband Remote Code Execution

Marketers are desperately trying to follow us as we traverse the web. Tracking where we go and what we do allows them to better target us with ads. Browsers have built in protections to block older tracking techniques like cookies and tracking pixels, and so ad companies have had find new methods for identifying us across websites. Unfortunately, they’ve settled on a technique that is extremely difficult to defeat: fingerprinting. I’ll explain what is, how it works, and what you can do to mitigate it.

In other news: Google is warning Android users to update their devices right away in order to fix some truly nasty bugs; hackers are using malicious Chrome extensions to read your Gmail and potentially hack your Android device; popular fertility apps are collecting ridiculous amounts of highly personal data and sharing it with partners; scammers are using AI to simulate voices of people you know to steal your money; CISA has launched a great new ransomware vulnerability pilot program; I’ll tell you why you should opt out of sharing your data with your mobile service provider; America’s threatening to ban TikTok but this won’t fix the real problem; the IRS is supposed to be moving away from ID.me authentication.

Article Links

1. [Naked Security] Dangerous Android phone 0-day bugs revealed – patch or work around them now! https://nakedsecurity.sophos.com/2023/03/17/dangerous-android-phone-0-day-bugs-revealed-patch-or-work-around-them-now/
2. [Tom’s Guide] Hackers are stealing Gmail messages — delete this extension right now https://www.tomsguide.com/news/hackers-are-stealing-gmail-messages-delete-this-extension-right-now
3. [The Conversation] Popular fertility apps are engaging in widespread misuse of data, including on sex, periods and pregnancy https://theconversation.com/popular-fertility-apps-are-engaging-in-widespread-misuse-of-data-including-on-sex-periods-and-pregnancy-202127
4. [consumer.ftc.gov] Scammers use AI to enhance their family emergency schemes https://consumer.ftc.gov/consumer-alerts/2023/03/scammers-use-ai-enhance-their-family-emergency-schemes
5. [cisa.gov] CISA Establishes Ransomware Vulnerability Warning Pilot Program https://www.cisa.gov/news-events/news/cisa-establishes-ransomware-vulnerability-warning-pilot-program
6. [briankrebs] Why You Should Opt Out of Sharing Data With Your Mobile Provider https://krebsonsecurity.com/2023/03/why-you-should-opt-out-of-sharing-data-with-your-mobile-provider/
7. [The Washington Post] America’s online privacy problems are much bigger than TikTok https://www.washingtonpost.com/technology/2023/03/24/tiktok-online-privacy-laws/
8. Dear Carey: IRS plans to approve use of Login-dot-gov as Tax Day nears https://www.fcw.com/it-modernization/2023/03/plans-approve-use-login-dot-gov-tax-day-nears/383934/ 
9. Tip of the Week: https://firewallsdontstopdragons.com/how-to-block-web-fingerprinting/ 

Further Info

• Syncthing: https://syncthing.net/ 
• KeePassXC: https://keepassxc.org/ 
• IP address black list check: https://whatismyipaddress.com/blacklist-check 
• EFF on TikTok: https://www.eff.org/deeplinks/2023/03/government-hasnt-justified-tiktok-ban
• Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 
• Send me your questions! https://fdsd.me/qna 
• Support our mission! https://fdsd.me/support 
• Subscribe to the newsletter: https://fdsd.me/newsletter 
• Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 
• Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest 
• Generate secure passphrases! https://d20key.com/#/ 

Table of Contents

Use these timestamps to jump to a particular section of the show.

• 0:01:49: Local password vault sync solution
• 0:05:07: News preview
• 0:06:47: Dangerous Android Baseband Bugs Patched
• 0:18:19: Hackers stealing Gmail messages via browser plugin
• 0:22:29: Popular fertility apps are engaging in widespread misuse of data
• 0:29:59: Scammers use voice AI to fool relatives
• 0:34:12: CISA establishes ransomware vulnerability program
• 0:37:05: Opting Out of Sharing Data With Your Mobile Provider
• 0:44:06: The latest on banning TikTok
• 0:49:05: Dear Carey: Do I have to use ID.me to log in to my IRS account?
• 0:52:55: Tip of the Week: Blocking Web Fingerprinting
• 1:04:38: Wrap-up