Bloomberg published a story that China's PRC had installed a tiny chip the size of a grain of rice on all Elemental SuperMicro motherboards, giving them access to a treasure trove of corporate and national security secrets. These boards are used widely in corporations and even the Department of Defense. Leo says the article was well researched and well sourced, but the day after it was published, everyone, including corporations where 17 unidentified sources worked, denied it. Even the US Department of Homeland Security and the UK CyberSecurity Ministry denied it.
Ellen is concerned that, with a camera, microphone and GPS, her phone could be spying on her. Rich says that one company, ZTE, was banned in the US because its phone was collecting user information and phoning home with it. But Rich says that was probably a software issue. Phones aren't really spying on people, per se. But when she signs up for free services like Facebook, they are aggregating a lot of user behavior that is used to push ads to her. It seems like spying, but it's more that it provides information for her based on her interests and online behavior.
Mark wants to know if Amazon Echo is going to be used in cars. Leo says it will. In fact, Leo just installed one in his. And we'll soon see Google's Assistant there, too. It's the next big thing in computing. Mark is also concerned that Echo could be used to spy on him. Leo says that's possible. But Leo doesn't think Amazon wants to manage all that information, and the risk to its business if it were discovered that Amazon was snooping on customers would be devastating. But then again, law enforcement could always subpoena access to it.
This week, the US Army issued a directive ordering soldiers not to use DJI drones and other UAVs due to cyber vulnerabilities and the potential for spying by the devices on the battlefield. DJI is shocked by the move, which came without consultation. What would be the threat? Leo says that drones have radios and GPS, and often have internet connectivity. So it's possible that drones could be taken over by a third party and used for spying, especially for mapping terrain. But Leo says it's also likely there could be a certain amount of paranoia at work here.
The information from WikiLeaks Vault 7 indicates that most of the exploits and listening techniques the CIA can use to eavesdrop are targeted tools, and not the blanket surveillance hacks that were originally reported.
Citizenfour is an Academy Award-winning documentary on the story of Edward Snowden. He was a contractor for the NSA, working as a systems administrator out of Hawaii, and that's how he was able to obtain information. What he did with that information is what became so controversial. He went to Hong Kong and contacted journalists to give them the information he had collected, but didn't want anything released that would risk the lives of government operatives. Instead, he wanted journalists to tell the world, Americans in particular, what the NSA had been up to.
The most recent leak from Edward Snowden is about an NSA program called "Quantum." The Intercept, a publication created to release this information, claims that the Quantum tool weaponizes the internet. It is a malware tool capable of exploitation at an industrial scale. The agency has malware tools that could infect millions of computers worldwide, allowing it to eavesdrop on a computer's owner. The malware can covertly record audio from the computer's microphone and take pictures with the computer's webcam.
Po isn't thrilled about the trend of surveillance in this country and how easy it could be for them to listen in on cellphones. Leo says that the courts have held that metadata (where he is or who he's calling) isn't subject to a warrant. So the government can make a request for a "pen register," pay a fee and then they can know someone's exact whereabouts.
The latest coming out of the NSA spying scandal is that the feds are spending $750 million a year to subvert private encryption. They clearly have the desire to get rid of privacy, but Steve Gibson says they aren't anywhere near getting to the point where they can crack a back door into encryption. They can, however, pressure companies like Microsoft to put one in, which is why open source encryption is the way to go.
Steve Gibson joins the show to talk about the latest revelations that the NSA is spending millions to break conventional encryption as they spy on us. Steve says that while the news is concerning, it only means that they're trying to do this. He says that the press all too often creates inflammatory headlines to sell content. There's no foundation to the rumor that the NSA has done all that. Encryption is still strong. They're just focusing on the weakest link in the chain.