What the Heck Is BlueSky? – DTNS 4511

We learn about Rediet Abebe, a key black innovator in AI development. Samsung bans generative AI tools like ChatGPT after employees load sensitive data into a prompt. Multiple companies have joined together to propose an industry standard to the IETF for “unauthorized tracking alerts” for Bluetooth trackers like Apple’s Air Tags or Tile’s Trackers. And we go through things you should know about BlueSky.

Starring Tom Merritt, Sarah Lane, Nica Montford, Roger Chang, Joe

MP3 Download


Using a Screen Reader? Click here

Multiple versions (ogg, video etc.) from Archive.org

Follow us on Twitter Instgram YouTube and Twitch

Please SUBSCRIBE HERE.

Subscribe through Apple Podcasts.

A special thanks to all our supporters–without you, none of this would be possible.

If you are willing to support the show or to give as little as 10 cents a day on Patreon, Thank you!

Become a Patron!

Big thanks to Dan Lueders for the headlines music and Martin Bell for the opening theme!

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods Jack_Shid and KAPT_Kipper on the subreddit

Send to email to feedback@dailytechnewsshow.com

Show Notes
To read the show notes in a separate page click here!


Mastodon Streamlines Onboarding Process – DTH

DTH-6-150x150Mastodon introduced a default server for new users to streamline onboarding, Microsoft launched a preview of payments in Teams, and BeReal introduces a curated timeline called RealPeople.

MP3

Please SUBSCRIBE HERE.

You can get an ad-free feed of Daily Tech Headlines for $3 a month here.

A special thanks to all our supporters–without you, none of this would be possible.

Big thanks to Dan Lueders for the theme music.

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods, KAPT_Kipper, and PJReese on the subreddit

Send us email to feedback@dailytechnewsshow.com

Show Notes
To read the show notes in a separate page click here.

Ask Your Doctor if ChatGPT is Right for You – DTNS 4510

Geoffrey Hinton, 2018 Turing Award winner for his foundational work in AI, recently left Google so he could speak freely about the dangers of AI without negatively impacting Google whom he believes has acted responsibly in its AI roll-out. Is juice jacking a real threat to users of up to date smartphones? And JAMA has a story about the comparison between real physicians and ChatGPT answering patient questions.

Starring Tom Merritt, Rich Stroffolino, Chris Ashley, Roger Chang, Amos, Joe

MP3 Download


Using a Screen Reader? Click here

Multiple versions (ogg, video etc.) from Archive.org

Follow us on Twitter Instgram YouTube and Twitch

Please SUBSCRIBE HERE.

Subscribe through Apple Podcasts.

A special thanks to all our supporters–without you, none of this would be possible.

If you are willing to support the show or to give as little as 10 cents a day on Patreon, Thank you!

Become a Patron!

Big thanks to Dan Lueders for the headlines music and Martin Bell for the opening theme!

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods Jack_Shid and KAPT_Kipper on the subreddit

Send to email to feedback@dailytechnewsshow.com

Show Notes
To read the show notes in a separate page click here!


Arm Announces IPO – DTH

DTH-6-150x150WatchOS 10 said to be widget-friendly again, Godfather of AI says he regrets things, Super Mario Bros movie rakes it in at box office.

MP3

Please SUBSCRIBE HERE.

You can get an ad-free feed of Daily Tech Headlines for $3 a month here.

A special thanks to all our supporters–without you, none of this would be possible.

Big thanks to Dan Lueders for the theme music.

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods, KAPT_Kipper, and PJReese on the subreddit

Send us email to feedback@dailytechnewsshow.com

Show Notes
To read the show notes in a separate page click here.

ViX+ ha muerto, que Viva ViX – NTX 311

Desaparece ViX+, ya puedes usar WhatsApp en más de un celular, y buscan regular el uso de IAs y robots en México.

MP3

Puedes  SUSCRIBIRTE AQUÍ.

Noticias:
-En México, la cámara de diputados aprobó las penalizaciones para quienes operan aplicaciones montadeudas.
-Microsoft empezó la implementación de su Designer en la barra lateral de su navegador Edge.
-WhatsApp actualizó su función multidispositivo para que pueda usar la aplicación de mensajería en distintos dispositivos con iOS o Android.
-En México, el diputado panista Ignacio Loyola Vera está impulsando una iniciativa de ley para la “regulación ética de la inteligencia artificial y la robótica”.
-¿Te acuerdas de ViX +? La versión de paga de la plataforma de TelevisaUnivisión dejará de funcionar y su contenido se incorporará dentro de la marca de ViX.

Análisis: ¿Por qué desaparece ViX+?

Puedes apoyar a Noticias de Tecnología Express directamente en este enlace.
Gracias a todos los que nos apoyan. Sin ustedes, nada de esto sería posible.
Muchas gracias a Dan Lueders por la música.

Contáctanos escribiendo a feedback@dailytechnewsshow.com

Show Notes
Para leer las notas del episodio en una ventana aparte, ¡haz click aquí!

Don’t Fall For The Cozy Bear Honey Pot – DTNS 4509

We get a RSA Conference wrap-up from David Spark, ask why there’s no standardized threat actor naming convention, and Reddit began testing persistent chat channels with 25 volunteer subreddits.

Starring Sarah Lane, Rich Stroffolino, David Spark, Roger Chang, Joe

MP3 Download


Using a Screen Reader? Click here

Multiple versions (ogg, video etc.) from Archive.org

Follow us on Twitter Instgram YouTube and Twitch

Please SUBSCRIBE HERE.

Subscribe through Apple Podcasts.

A special thanks to all our supporters–without you, none of this would be possible.

If you are willing to support the show or to give as little as 10 cents a day on Patreon, Thank you!

Become a Patron!

Big thanks to Dan Lueders for the headlines music and Martin Bell for the opening theme!

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods Jack_Shid and KAPT_Kipper on the subreddit

Send to email to feedback@dailytechnewsshow.com

Show Notes
To read the show notes in a separate page click here!


Reddit Tests Persistent Chat Channels -DTH

DTH-6-150x150Reddit starts testing persistent chat channels, Qualcomm announces mobile upscaling tech, and Sony sold a bunch of PS5s.

MP3

Please SUBSCRIBE HERE.

You can get an ad-free feed of Daily Tech Headlines for $3 a month here.

A special thanks to all our supporters–without you, none of this would be possible.

Big thanks to Dan Lueders for the theme music.

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods, KAPT_Kipper, and PJReese on the subreddit

Send us email to feedback@dailytechnewsshow.com

Show Notes
To read the show notes in a separate page click here.

Voltage Irregularities – DTNS 4508

How has cloud computing, data centers and generative AI increased the demand for fossil fuel energy instead of reducing it? Chicago’s Human Computer Integration Lab demonstrated a way to give you haptic feedback in VR without anything on the front of your hand. IDC reports that smart phone sales fell 1.6% on the year. That’s the 7th straight quarter that smartphones sales have fallen year over year.

Starring Tom Merritt, Sarah Lane, Molly Wood, Justin Robert Young, Roger Chang, Amos

MP3 Download

Using a Screen Reader? Click here

Follow us on Twitter Instgram YouTube and Twitch

Please SUBSCRIBE HERE.

Subscribe through Apple Podcasts.

A special thanks to all our supporters–without you, none of this would be possible.

If you are willing to support the show or to give as little as 10 cents a day on Patreon, Thank you!

Become a Patron!

Big thanks to Dan Lueders for the headlines music and Martin Bell for the opening theme!

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods Jack_Shid and KAPT_Kipper on the subreddit

Send to email to feedback@dailytechnewsshow.com

Show Notes
To read the show notes in a separate page click here!


Amazon Ends Halo Health Products – DTH

DTH-6-150x150Plus Meta sees user growth again for Facebook and the handheld gaming device space gets crowded.

MP3

You can get an ad-free feed of Daily Tech Headlines for $3 a month here.

A special thanks to all our supporters–without you, none of this would be possible.

Big thanks to Dan Lueders for the theme music.

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods, KAPT_Kipper, and PJReese on the subreddit

Send us email to feedback@dailytechnewsshow.com

Show Notes
To read the show notes in a separate page click here.

About SIM Swaps

KALM-150x150"

You may have heard that using text messages as a second factor or 2FA code to protect your logins is less secure than other forms like apps or keys. You may even know this is because of something called SIM Swapping. Are there any legitimate uses/functions to swapping/cloning?

Featuring Tom Merritt.

MP3

Please SUBSCRIBE HERE.

A special thanks to all our supporters–without you, none of this would be possible.

Thanks to Kevin MacLeod of Incompetech.com for the theme music.

Thanks to Garrett Weinzierl for the logo!

Thanks to our mods, Kylde, Jack_Shid, KAPT_Kipper, and scottierowland on the subreddit

Send us email to feedback@dailytechnewsshow.com

Episode transcript:

You pick up your phone and there’s no service. You’re not getting text messages. And shortly you notice somebody is posting on your Facebook account. And you can’t log in anymore.
You’ve been SIM swapped.
You may have heard that using text messages as a second factor or 2FA code to protect your logins is less secure than other forms like apps or keys.
You may even know this is because of something called SIM Swapping.
But I bet a lot of you have the same question Mike has. Mike emailed Daily Tech News Show and asked “I hear y’all talk about how 2FA via SMS (text messages) is bad because of SIM Swapping. …but what *is* SIM Swapping. It sounds like if my SIM was swapped then my phone would stop working – I wouldn’t be getting my messages or be able to make phone calls. Would ‘SIM Cloning’ be a better term? Why is SIM swapping/cloning even allowed by the carriers? Are there any legitimate uses/functions to swapping/cloning?”
You understand more than you know Mike.
Let’s help you know a little more about SIM swapping.

The only legitimate SIM swapping would be if you pull out a SIM card from your phone and put in a new one yourself. The SIM in SIM card stands for Subscriber Identity Module. It’s a way of identifying what account is associated with the phone. Since the 1990s it’s existed as various sizes of little plastic cards with a chip on one end. You insert it in a SIM slot in your phone and the phone uses that information to identify you on the network. That way your phone gets calls and text messages meant for your number. And the data service you pay for is delivered.
Why is this helpful? Well if a phone is locked to a certain provider it’s not. The cell phone provider will only let you use the SIM it wants you to.
However if your phone is unlocked, you can put whatever SIM in it you want. As long as that SIM is authorized on the network, the phone will use it to get your calls and texts. So if you pull your T-Mobile SIM out of an unlocked iPhone and put it in an unlocked Samsung Galaxy S23, the S23 will get calls and texts that you used to get on the iPhone. And you can put it back in the iPhone and carry on as well.
Some phones even have dual SIM slots so you can switch between two providers without having to remove the SIM cards. Handy for people who travel between regions with different providers.
But none of this is what people mean when they say SIM swapping.
Sim Swapping is generally used to apply to malicious activity. You may hear it called simjacking, or SIM splitting. But it’s essentially the idea of an attacker getting the phone carrier to swap your account to a new SIM card that the attacker owns.
You may have done a legitimate form of this kind of SIM swap when you activated a new phone. Unless you moved the SIM card from your old phone to a new phone, you probably went through some kind of process, whether in a store, over the phone or even just over the internet- to tell the carrier that the SIM card in the new phone should be associated with your account not the one in the old phone. You may not have realized that’s what you were doing, but as soon as your phone number started working on the new phone, the SIM had been swapped. Your new SIM card was swapped into the database in place of the old one. The old phone no longer works with your number.
Malicious SIM swapping does this without your approval.
To do it they have to make a phone call. Because when you set up a new phone, you usually have the old phone nearby as you switch. A malicious actor wants to change the SIM card on your account without your knowledge.
Going into a store could work but it’s a little riskier since they have to show their face. So most SIM swapping is done with a call.
On the call the carrier will ask them things about you. To prepare for the call the attacker will collect as much personal info about you as possible. Usually a phishing attack is used on the target. They might send an email that appears to be from your phone company asking you to confirm account info, possibly by logging in. Any link in that email would be to a site they control that can capture your info when you log in. That’s just one example. But it’s a major reason why you should not trust every link in an email and never email person info.
It’s not the only method though. An attacker might be able to find the personal info they need for sale. If your info was available in a data breach they may be able to get what they need without phishing you.
Whatever method they use they’re trying to gather as much info as they can, birthday, passwords, account numbers, street you grew up on, whatever they can. They’ll need it for the next step.
Once they have the info they call the phone company and say they need to move their account to a new SIM card. This is not itself a suspicious request. People legitimately do it all the time. Maybe they lost their SIM card somehow while swapping it between phones. Maybe they bought a used phone. These aren’t super common reasons but they’re common enough — that carriers need to be able to support them– when legitimate.
So the carriers try to ask you questions only you would know the answer to in order to verify your identity. They could just push a message to your existing phone right? But what if that’s why you’re swapping the SIM. Maybe the phone and the old SIM card are damaged.
Whatever the case, the attacker will pretend they’re a legitimate users who can’t use any of those methods. But they will use what info they collected about you to answer the questions carriers throw at them to convince them they are you. If they have enough info they may be able to answer all of them. And if they do, they can successfully get the carrier to transfer the account to the SIM they have. Once they do that they can put that SIM in a phone they have and get access to your calls and text messages.
And once they have that access they can try logging into your accounts. If they have your passwords and the account is protected by text message codes, they’ll get the codes and be able to get into your accounts. They can also use the phone number for voice or text account recovery on many accounts, to take control that way.
It’s possible for the attackers to add a device instead of replace yours, but they’re likely to get caught faster as you’ll see all the text message codes too. So more often than not they will replace your device. Your device will suddenly stop working. Most people will assume it’s a bug or a glitch. But even if you assume it’s a SIM swap you’ll have to visit the carrier in person and convince them of that. And even in a small amount of time the attackers can gain a lot of access.
You may wonder why carriers don’t do more to stop Sim Swaps. The problem is that most people really aren’t targets and the carriers calculate, reasonably, they would inconvenience a large amount of people for no reason.
The FCC is drafting rules to prevent SIM swapping in the US. And some carriers now require SMS verification or verification by two employees that you are who you say you are before a SIM is transferred.
Most carriers do offer preventative measures you can choose to enact to help prevent SIM swaps.
You can lock your phone number to a SIM. This can be called Port Freeze or Number Lock. Port freeze because you can’t port a number to a new phone. Number lock because the number is locked to a SIM card. It means you cannot move your number to another SIM card. You can melt the freeze or unlock the number with either PIN or by visiting a store and showing ID.
Most carriers let you sign up for alerts to send you anytime a phone number or SIM card is changed. You should turn those on.
Beyond that you should do the things you would usually do to protect your personal info.
Don’t click on links from people you don’t know. Don’t offer personal info over email unless you are VERY certain of who you’re sending it to. Phone carriers and banks will never ask for sensitive info over email. Protect your account with authentication apps or security keys. If you protect your account wit a second factor over text message, well it won’t protect you from SIM swapping. But if you’re using an authenticator app– and not text messaging too- just the authenticator app, then SIM swapping won’t allow an attacker to get into that account.
So yes Michael SIM swapping does shut your phone off but that’s not protection against the SIM swapping. These attackers can work fast.
Hope that answers your question. In other words, I hope you Know a little More about SIM swapping.