The Rise of Cellular IoT

Connecting all our stuff to the internet – making devices “smart” – brings with it a lot of risks. Besides the more obvious cybersecurity vulnerabilities, these devices are also collecting a lot of personal data, offsetting razor thin profit margins by monetizing our data. In most cases, we can limit this data exfiltration using outbound firewalls and DNS services, or just by disconnecting the devices from the internet altogether. But lately I’ve been seeing devices coming configured with cellular data connections, which would effectively bypass your home network entirely – and therefore your ability to block or control the data flow.

In other news: 1Passwords discloses security breach; Drug makers to pay 23andMe for access to your DNA; EFF publishes guidance for 23andMe customers after further data breach; Apple’s private Wi-Fi MAC address feature has never worked right, until now; Hackers find side-channel attack on Apple Silicon to pull private data from Safari browsers; Windows PCs targeted with new malware; YouTube is waging a new way on ad blockers; Apple’s iMessage has new method to thwart ‘ghost’ listeners; the White House releases sweeping executive order on AI; Pew publishes new study on data privacy views.

Article Links

1. [BleepingComputer] 1Password discloses security incident linked to Okta breach https://www.bleepingcomputer.com/news/security/1password-discloses-security-incident-linked-to-okta-breach/
2. [Bloomberg] Drugmakers Are Set to Pay 23andMe Millions to Access Consumer DNA https://www.bloomberg.com/news/articles/2023-10-30/23andme-will-give-gsk-access-to-consumer-dna-data
3. [Electronic Frontier Foundation] What to Do If You’re Concerned About the 23andMe Breach https://www.eff.org/deeplinks/2023/10/what-do-if-youre-concerned-about-23andme-breach
4. [AppleInsider] Apple’s private Wi-Fi MAC addresses were security theater until iOS 17.1 https://appleinsider.com/articles/23/10/27/apples-private-wi-fi-mac-addresses-were-security-theater-until-ios-171
5. [Ars Technica] Hackers can force iOS and macOS browsers to divulge passwords and much more https://arstechnica.com/security/2023/10/hackers-can-force-ios-and-macos-browsers-to-divulge-passwords-and-a-whole-lot-more/
6. [TechRadar] Windows PCs are being targeted with a nasty new malware – here’s what you need to know https://www.techradar.com/pro/security/windows-pcs-are-being-targeted-with-a-nasty-new-malware-heres-what-you-need-to-know
7. [404media.co] YouTube’s ‘War’ on Adblockers Shows How Google Controls the Internet https://www.404media.co/youtubes-war-on-adblockers-shows-how-google-controls-the-internet/
8. [9to5mac.com] iMessage Contact Key Verification blocks the ‘ghost proposal’ plan by government spy agency https://9to5mac.com/2023/10/30/imessage-contact-key-verification-reason/
9. [Mashable] White House drops an AI regulation bombshell: 10 new mandates that’ll shake up the industry https://mashable.com/article/white-house-drops-ai-regulation-bombshell
10. [pewresearch.org] How Americans View Data Privacy https://www.pewresearch.org/internet/2023/10/18/how-americans-view-data-privacy/
11. Tip of the Week: The Rise of Cellular IoT https://firewallsdontstopdragons.com/the-rise-of-cellular-iot/  

Further Info

• Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 
• Give the gift of privacy and security: https://fdsd.me/coupons 
• Send me your questions! https://fdsd.me/qna 
• Support our mission! https://fdsd.me/support 
• Subscribe to the newsletter: https://fdsd.me/newsletter 
• Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 
• Generate secure passphrases! https://d20key.com/#/ 

Table of Contents

Use these timestamps to jump to a particular section of the show.

• 0:00:56: News rundown
• 0:03:11: 1Password discloses security incident linked to Okta breach
• 0:06:09: Drugmakers Are Set to Pay 23andMe Millions to Access Consumer DNA
• 0:10:08: What to Do If You’re Concerned About the 23andMe Breach
• 0:16:32: Apple’s private Wi-Fi MAC addresses were security theater until iOS 17.1
• 0:18:59: Hackers can force iOS and macOS browsers to divulge private data
• 0:25:14: Windows PCs are being targeted with a nasty new malware
• 0:30:24: YouTube’s ‘War’ on Adblockers Shows How Google Controls the Internet
• 0:38:48: iMessage Contact Key Verification blocks the ‘ghost proposal’ plan by government spy agency
• 0:43:50: White House drops an AI regulation bombshell
• 0:49:53: How Americans View Data Privacy
• 0:54:33: Tip of the Week: The Cellular IoT Bypass
• 1:03:14: Wrap-up