2FA Texts Aren’t Safe
2FA or Two Factor Authentication is that thing where you get a text with a bunch of random numbers to let you log into on of your accounts. It’s the smart way to ensure your privacy. Unfortunately, a company called Voxox, who sends those text messages for some companies, left one of their databases open and unencrypted on the internet exposing over 26 million text messages.
Rather than relying on an outside company to send those text messages to you, you should install an app on your phone. Installing an app means you won’t be exposing those codes to anyone who isn’t able to see your phone.
Bluetooth Car Hack
A recently discovered and, sadly, simple hack on Bluetooth systems in millions of vehicles means your data can easily be stolen. But, before you panic, it mostly affects people who rent cars or let strangers use their cars.
If you sync your phone to the stereo in a car, the stereo will download information from your phone. With a minimal number of steps, an attacker can access the information from your phone using the stereo. This includes, call logs, text logs, and, potentially, full text messages.
Some companies have begun releasing updates to their infotainment systems for the 2019 model year vehicles, but just in case, there is an app to help remove your data from those vehicles called Privacy4Cars.
For the record, that’s not an affiliate link.
Password Reuse and Social Engineering Still Top Methods of Compromise
Password reuse is a big no-no. If your account gets compromised on one system, it can be compromised on all systems that use the same password.
Social Engineering is a fancy way of saying tricking someone into giving up their details. This article gives an excellent overview of the most common methods used by attackers to compromise less secure users.
Ever sent a mean message to someone you wish you hadn’t? Or maybe a drunk text? Well, now you can delete it from the recipient’s inbox as well. It’s still a “feature in the works” and being tested internally; details like the time limit for when you can un-send the message aren’t available yet.
United States Postal Service Exposes 60 Million Users’ Data
The USPS made an oopsie in the design of a system which allowed business customers to get near real-time tracking of their bulk mail campaigns. It allowed anyone with a USPS account to see any other USPS account’s details.
I can’t find an official source discussing what’s being done. Just assume that if you have a USPS account it’s been breached.
BrainGate2: Leveling the Playing Field
Finally, some good technology news! Three people have been implanted with BrainGate2, a device that is wired directly to the part of the brain which signals the intention to move. Study participants streamed music, sent texts, and ordered groceries.
This technology will allow people who are paralyzed or have lost limbs to interact with devices that are commonly available. Meaning: No special modifications were necessary to make the devices usable.