Tech Brew Ride Home - Wed. 11/20 - Our 500th Episode!
Episode Date: November 20, 2019Hackers could take over your Android cameras, the police can do whatever they want with your Ring videos, if your Disney+ account is hacked, is it probably your fault? An amazing breakthrough in solar... technology and why fishing by drone has become a thing. Sponsors: Castro Rhone.com/ridehome Links: Android Camera App Bug Lets Apps Record Video Without Permission (BleepingComputer) Police can keep Ring camera video forever and share with whomever they’d like, Amazon tells senator (Washington Post) Amazon says it’s considered face scanning in Ring doorbells (Associated Press) Hacked Disney+ accounts are reportedly being sold for as little as $3 (CNBC) Apple expands in Austin (Apple Newsroom) Secretive energy startup backed by Bill Gates achieves solar breakthrough (CNN) A new solar heat technology could help solve one of the trickiest climate problems (Vox) Tackle Box for the Modern Fisherman: Rod, Reel, Drone (WSJ) Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
On April 4th, 2023, around 2 in the morning, a man was found stabbed multiple times on a sidewalk in downtown San Francisco.
Hey, who did this to you?
What happened next turned the story into a political firestorm.
Reports have identified the victim as Bob Lee, the founder of Cash App.
From Bloomberg Podcasts, this is Foundering, the Killing of Bob Lee, beginning April 16.
Welcome to the TechMeme right home for Wednesday, November 20th, 2019. I'm Brian McCullough today.
Hackers could take over your Android cameras. The police can do whatever they want with your ring videos.
If your Disney Plus account is hacked, is it probably your fault?
An amazing breakthrough in solar technology and why fishing by drone has become a thing.
Here's what you missed today in the world of tech.
Researchers have found bugs in Google and Samsung cameras.
apps from before July 2019 that could record video, take pictures, and extract GPS data
without permission, and even when the camera or the phone itself was off and locked.
Bottom line, if these camera apps were not updated since before July 2019, they would still be
at risk. This would affect perhaps hundreds of millions of Android devices. Here are the nitty,
details from bleeping computer.
Quote, normally an app needs to have the Android.
Dot permission.comera, Android.
That permission record underscore audio, Android.
Dot permission.
Access fine location and Android.
dot permission.
Dot access course location permissions in order to record video,
take pictures, or access a device's location.
Checkmarks discovered that apps that have the storage permission, which gives the app
access to the device's entire SD card and the media stored on it also gives an app the ability
to use the camera apps exposed intense without the permissions listed above.
A malicious app running on an Android smartphone that can read the SD card not only has access
to past photos and videos, but with this new attack methodology, can be directed to initiate,
i.e. take, new photos and videos at will. And it doesn't stop there. Since GPS metadata is usually
embedded into the photos, the attacker can take advantage of this fact to also locate the user by taking
a photo or video and parsing the proper exif data, end quote. This is problematic because many
apps regularly ask for the storage permission, such as car racing games, streaming services, and even
weather apps, end quote. The checkmarks mentioned in that quote, is the security research team
that disclosed the vulnerability. They also disclosed it to Google and
Samsung and according to Google, the camera app was fixed in a July 2019 Google Play Store update
and a patch was forwarded onto other vendors. If you are using Android though, make sure you're
using the latest version and can get and update the latest version of any camera apps you use.
Amazon's ring doorbell system continues to be something else. Let me just read this opening
from an article in the Washington Post.
Police officers who download videos captured by homeowners ring doorbell cameras
can keep them forever and share them with whomever they'd like without providing evidence
of a crime, the Amazon-owned firm told a lawmaker this month.
More than 600 police forces across the country have entered into partnerships with the
camera giant, allowing them to quickly request and download video recorded by rings
motion detecting internet-connected cameras inside and around America.
Americans' homes. The company says that the videos can be a critical tool in helping law enforcement
investigate crimes such as trespassing, burglary, and package theft, and that homeowners are free to
decline the requests. But some lawmakers and privacy advocates say the systems could empower
more widespread police surveillance, fuel racial profiling, and spark new neighborhood fears,
end quote. Yes, among those concerned lawmakers was Senator Edward Markey, who wrote to Amazon
in September asking for details about Ring's policies vis-a-vis law enforcement.
Basically, the answer the Senator got back was that Ring places few restrictions on what
law enforcement can do with your Ring videos if you live in a jurisdiction that has partnered
with Ring, of which, again, there are now 600 across the country.
Quoting again, police in those communities can use Ring software to request up to 12 hours
of video from anyone within half a square mile of a suspected crime scene.
covering a 45-day time span, Husman wrote.
Police are required to include a case number for the crime they are investigating,
but not any other details or evidence related to the crime or their request.
Markey said in a statement that Rings policies showed that the company had failed to enact
basic safeguards to protect Americans' privacy.
Connected doorbells are well on their way to becoming a mainstay of American households,
and the lack of privacy and civil rights protections for innocent residents is nothing short of chilling,
he said. If you are an adult walking your dog or a child playing on the sidewalk, you shouldn't have to worry that rings products are amassing footage of you and that law enforcement may hold that footage indefinitely or share that footage with any third parties, end quote.
By the way, in related news, the Associated Press is reporting that Amazon is considering adding facial recognition technology to its ring cameras.
The company told Senator Ed Markey that facial recognition is a.
a, quote, contemplated but unreleased feature, end quote, of its home security cameras,
but there are no plans to coordinate that feature with its law enforcement partnerships.
Amazon's initial response to Markey said Ring doesn't currently offer facial recognition.
Then Markey sent another letter to Bezos asking why it's mentioned in Ring's privacy policy.
In a November 1st follow-up, Amazon's vice president of public policy, Brian Hussman,
said that the company frequently innovates based on customer demand,
and that facial recognition is an increasingly common feature in cameras made by competitors such as Google's Nest Division.
Quote, if our customers want these features in ring security cameras, we will only release these features with thoughtful design, including privacy, security, and user control.
Hussman wrote, end quote.
There have been widespread reports on social media that thousands of people have had their Disney Plus user accounts hijacked.
There's even been indications that those accounts are showing up on the dark web.
sold online for prices ranging from between $3 and $11 a pop.
But Disney maintains there is no Disney Plus security breach.
And in fact, unless some sort of breach comes to light,
the actual culprit might just be users themselves.
In short, it's likely that a bunch of people probably just signed up to Disney Plus
with their favorite password that they've used over and over again for maybe their email,
figuring Disney Plus is a relatively benign and safe service,
which again is probably true, but if you use that same password you've been using for everything from your
Pinterest account to your eBay login, it's probably long been out in the wild, and hackers have
just been brute force using the most likely compromised account credentials to break into Disney Plus accounts,
quoting CNBC. A cybersecurity expert told CNBC that when hackers obtain large databases, they often use
various means to take over an account, including something known as credential stuffing. It, quote,
happens when the attacker automates the process of trying
usernames and passwords on a targeted site, said
Ita Mauer, chief security officer at Cyber Intelligence Company Insights.
He explained that such a method is powerful because, quote,
many people use the same password on multiple websites.
This allows the attacker to test and see if the password from the obtained database
was used on the targeted site, end quote.
Again, I say this is most likely what has happened, though I stand to be corrected.
An investigation by ZDNet said that some users using unique passwords claim to also have had their accounts compromised.
So I guess we'll see.
Apple announced it has begun construction on its $1 billion Austin, Texas campus, slated to open in 2022.
Quoting the company, Apple has broken ground on its new $1 billion, $3 million square foot campus.
The campus will initially house 5,000 employees with the capacity to grow to 15,000 and is expected to open in 20,000.
22. Apple is steadily growing in Austin with approximately 7,000 employees in the city,
more than a 50% increase in the past five years alone, end quote. Also, Apple has that Mac Pro
production line a short distance away from this new campus, which it also crowed about,
quote, Mac Pro units are now in production in Austin and will soon ship to customers across the
Americas. The 244,000 square foot Mac Pro facility employs more than 500 people in a range of roles,
including electrical engineers and electronics assemblers who build each unique unit to customer's specifications.
Apple's growth in Austin is part of the company's nationwide expansion, announced in January 2018 to increase its investments in manufacturing, engineering, and other jobs across the U.S.
Apple is on track to contribute $350 billion to the U.S. economy between 2018 and 2023, and during that time, we'll hire an additional 20,000 employees in cities across the country, end quote.
Now, by the way, President Trump was actually scheduled to tour that very Mac Pro factory today, but he was late leaving Washington.
There was perhaps more interesting stuff on TV this morning.
At the time of this writing, I have no information about what actually happened if the president actually ended up taking the tour.
But perhaps we'll see Tim Cook staring into space for 20 minutes or so as the president is peppered from reporters with.
impeachment questions. You listening to me right now in the future? Know the answer to that.
And I, Brian, from the past, do not yet. Apparently, a major breakthrough has happened in solar
energy. There are lots of manufacturing environments that require large amounts of high-temperature heat.
I'm thinking of cement production, steel production, and the like. For all of the things you can use
solar energy for, until now, you couldn't use solar for production of that sort of manufacturing,
the only way to generate the level of heat necessary for that was to basically burn fossil fuels.
Collectively, industries like these represent around 20% of global carbon emissions.
Well, a new startup called Helogen has come out of stealth mode to announce it has created a new solar system to concentrate light in a way that can create temperatures of a thousand degrees Celsius,
and the company believes it can soon get to 1,500 degrees Celsius, which would enable something of a holy grail.
The generation of liquid fuels that can take the place of any hydrocarbon fuels.
Heliogen is backed by Bill Gates, founded by Bill Gross, among others, quoting CNN.
Essentially, Heliogen created a solar oven, one capable of reaching temperatures that are roughly a quarter of what you'd find on the surface of the sun.
The breakthrough means that for the first time, concentrated solar energy can be used to create the extreme heat required to make cement, glass, steel, and other industrial processes.
In other words, carbon-free sunlight can replace fossil fuels in a heavy carbon-emitting corner of the economy that has been untouched by the clean energy revolution.
Unlike traditional solar power, which uses rooftop panels to capture the energy from the sun, Helogen is improving on what is known as concentrated solar power.
This technology which uses mirrors to reflect the sun to a single point is not new.
Concentrated solar has been used in the past to produce electricity and, in some limited fashion, to create heat for industry.
It's even used in Oman to provide the power needed to drill for oil.
The problem is that in the past, concentrated solar couldn't get temperatures hot enough to make cement and steel.
Helogen uses computer vision software, automatic edge detection and other sophisticated technology,
to train a field of mirrors to reflect solar beams to one single spot.
Quote, if you take a thousand mirrors and have them align exactly to a single point,
you can achieve extremely, extremely high temperatures.
Founder Bill Gross said, who added that Heliogen made its breakthrough on the first day it turned its plant on.
Heliogen said it is generating so much heat that its technology could eventually be used to create clean hydrogen at scale.
that carbon-free hydrogen could then be turned into a fuel for trucks and airplanes.
Quote, if you can make hydrogen that's green, that's a game changer, said Gross.
Long-term, we want to be the green hydrogen company, end quote.
In the show notes, I'm going to link to a Vox article as well that gets way more into the technical weeds about how this works and why it's potentially such a big, big deal.
Finally today, I'm here to tell you that fishing via drone is a thing.
As you might imagine, fishing from the beach can only get you so far.
The bigger fish are out in deeper waters, which is why people like to fish from piers
or hire expensive charter boats to get them out to deeper waters where the bigger fish swim.
But if you've got a drone, basically you can stand on the beach, launch a drone to fly your
fishing line way out from shore where the best fish are. The drone drops the line and then flies back
to dry land. Quoting the Wall Street Journal, Jaden McLean, a former lobster diver in Australia,
said he and a friend developed a release mechanism called a Skyrigger. The contraption made of
marine-grade brass, nylon, and stainless steel uses mechanical pressure instead of batteries to
release the fishing line, reducing the chance of the line getting stuck and dragged down by a hooked
fish. In Florida, Josh Jorgensen, who produces YouTube fishing videos, began using a skyrigger this year.
Since then, he said, he hasn't lost a drone while fishing and planned to sell them online.
Mr. Jorgensen, 29, uses a video feed from his drone to spot fish.
Quote, I literally dropped the bait into the fish's mouth, he said. It's like a video game, end quote.
Drone fishing is legal, as long as fishermen follow standard flight rules.
such as keeping the device in sight, according to Australia's civil aviation safety authority.
It is also legal in the U.S. as long as the drone is registered and the pilot follows applicable
operating rules, end quote. As that quote mentioned, a big problem thus far with drone fishing
is that if anything goes wrong, if a fish swallows the bait before the drone can release the line,
if birds decide to attack your drone, you can end up losing your $1,000 machine in the drink.
which, if the stories in this article are to be believed, is not uncommon and would probably
sort of defeat the cost savings by not having to reserve those expensive charter boats,
right?
Finally, today, I just wanted to make note of a bit of a milestone.
Today was the 500th episode of this podcast, depending on how you count.
You could probably quibble with that number a bit.
The count might be off by one or two episodes, depending on how you determine.
and various releases. But all I know is when I went into the pod host this afternoon to post this show,
we were sitting on 499 episodes listed, making this episode number 500. As I did once before,
here's how I'd break down the accounting of all that, if indeed this is the 500th episode.
Each day I write about a 2,400 word script. So that means I've written 1.2 million words to produce
this show since its inception, give or take. On average, let's say each episode is 18 minutes
in length when you account for the longer weekend bonus episodes. That means if you went
back and started listening to the very first episode all the way through to this one,
it would take you 9,000 minutes of listening, or 150 hours, or 6 and a quarter full days
of 24-7 non-stop listening to get through it all. We passed 10 million lifetime downloads,
several months ago, though I wasn't paying attention,
will hit 20 million lifetime downloads a few months from now.
Anyway, not very profound, really, in the grand scheme of things,
but worth noting this milestone nonetheless,
and worth taking the time to thank you all for coming along on this journey with me.
See you at 1,000 episodes sometime in 2021.
Talk to you tomorrow.