Western Digital's My Book Live Network Attached Storage has been hacked due to an exploit discovered in 2018 and was never patched. Hackers can run a program of their own making taking advantage of it. A hacker has searched for numerous My Book Lives and executed a script to erase them, leaving many without the backups they were relying on. Western Digital's solution is to have users unplug their MBL from the Internet while they research the hack. Will WD issue a fix?
Manny got a Tiny Hardware Firewall, and he really likes it for when he's on the road. It was recently updated by THF and he wants to know how often he has to send it in to get updated. Leo says that security flaws have to be acted upon by getting one to click on something so the malware can take advantage of it. Often, so-called zero-day exploits are designed around this, and people have no real way of knowing they've been hacked. But keeping a system and THF patched, will mitigate vulnerability, except for zero-day exploits, which are patched pretty quickly.
John has fiddling with the RG45 jack on his DVR and discovered that he could play his programs through his Roku device from it. He could also copy them to his PC and play them through Kodi. Can he convert them from there? Leo says that TTS is a "muxed" file that he can play, and it's probably MPEG 2. Almost anything that can read video files, like HandBrake, could do it. VLC definitely could play it. The DTCP.IP files, though, will need a special player.
Researchers have figured out that if you connect your iPhone to a computer, you can keep doing a brute force password attack to unlock it and that it should take about a day to open it. Leo says that this is with a four digit passcode, and a six digit passcode is a lot harder to crack.
The Supreme Court has also ruled that law enforcement cannot get cell phone location data without a warrant. The decision said that day to day movement data on a mobile device provides an intimate look at someone's activities, even to the point of violating privacy without a warrant.
Neil is worried that the VPN Filter hack will affect his Asus router because his model isn't protected. Should he be worried? Leo says first thing he can do is update his firmware. Asus keeps their firmware up to date regularly and uses open source DD-WRT firmware. So if there isn't one, he can patch it himself. But Asus routers are great because they update them constantly. Neil should reload the most current firmware, even if he has already updated it. That will wipe out any additional problems.
The latest exploit "Spectre" affects every single chip made in the last ten years. At first, security researchers thought that the exploit only affected Intel processors, but it turns out this hack also effects ARM, AMD, and any other processor that uses speculative prediction. The white hat hackers who found the flaw discovered that you can use it to access valuable data including passwords and other information. Leo says that Microsoft has already pushed out a fix, and Apple's High Sierra has patched the vulnerability with a recent fix. Apple has also patched the iPhone and iPad.
Corey wants to know if Waze can be used on her Hyundai's Android Auto screen. Leo says Waze just got out of beta for Android Auto. But Corey has an iPhone, which uses CarPlay. He knows that Waze is in beta for CarPlay, but it's a bit tricky to install it. Check out Carplaylife.com for tips on how. Currently, it won't display on CarPlay, and Google has no plans to do so.
Walt got a notification from the US Office of Personnel Management about his personal data being compromised. Leo says it's true. They were hacked and the personal data files of anyone who has worked for or applied for a job with the US Government may have had their personal information compromised. They should have also offered users a year of free credit and information monitoring to make up for it.
If you have keyless entry, you're close enough to your Volkswagen, someone could break into your car by using an $18 device to amplify the signal of the key fob. If you also have a keyless ignition, they could easily steal the car as well. There is a fix for it -- a small wire mesh bag that acts as a Faraday cage. But Volkswagon has known for two years that all Volkswagen and Audi cars can easily be hacked and open the car door. And the problem is, it requires a hardware repair to fix it.
Marco just heard of yet another router hack called NET USB that is breaking into routers. Leo says that's because most router companies use the same code and it has bad security. The irony is that these hacks don't effect Apple routers like the Airport. So that makes the Airport a better way to go. But they are more expensive. If he can't afford to buy them, then he should get a router that is DDWRT compatible (like Asus), then he can use open source firmware to keep it locked down.