Nova Labs, the company behind the decentralized Helium IoT network, has acquired FreedomFi, a company trying to build a decentralized 5G network. Kevin and I share our doubts about the value of a decentralized 5G network and question how this might work before moving on to discuss an array of security news. We start with the latest report on OT security from cybersecurity firm Claroty before sharing research on air-gapped networks bypasses with lights and sound. We end with a story about Amazon patching Ring apps on Android devices and my hope of a new tool that could make it easy to monitor devices that might invade your privacy. We also talk about a new wearable that tracks mood, Kevin’s frustration with devices, Nordic Semiconductor’s foray into Wi-Fi chips, Chamberlain’s reversal of HomeKit support, and InfluxDB announcing native connectors for MQTT. We end the show by answering a listener question about NovaLabs and its 5G plans.
Our guest this week is Josh Corman, who returns to the show to discuss his work at the Cybersecurity and Infrastructure Security Agency (he just joined Claroty as vice president of cyber safety strategy). Infrastructure in the U.S. and in many other countries has become increasingly attractive to hackers seeking ransoms or more serious disruption. Whether it’s someone hoping for profits or a nation-state, Corman points out some of the easiest and most effective steps an entity can take, even if that organization doesn’t have a formal cybersecurity program — or the budget for one. He starts with the Bad Practices list from CISA that states organizations should avoid hard-coded passwords, establish multi-factor authentication and to avoid using software that has reached its end of life. We also discuss an easy effort to get your Stuff off Search, a program that helps any IT person suss out open ports on popular search sites such as Shodan, Censys and Thingful. It’s so easy I can do it.