More Tech Wellness Topics

5G
DIY
EHS
Articles Expertise

Should You Enable The New Covid Tracking App? The Cyber Experts Tell You Yes And No and Why

We've got the details from our Privacy experts on the Podcast!

Here's some tips from our conversation:

Tips from the podcast:
GENERAL PHONE HACKING:  Basically, any iPhone X or earlier, (8, 7, 6, etc.) is able to be hacked.  That means that all your data in there could easily be hacked by anyone with a piece of software that easy to get.  So, all your passwords, access to all your emails, pictures, bank accounts, texts, music, other recordings—ALL YOUR PERSONAL INFORMATION-is readily accessible.
  Tech Wellness Podcast
The best way to get around this frankly is to get a new iPhone.  Seriously.  Or just live with the risk.  While you might think it will never happen to you. But 1 in 3 Americans have already been hacked.  Many more have most likely been hacked but just don’t know about it yet.  
Bryan and Matt agree that it’s safest to keep your software up to date for the most part. Because those “bad actors” we always hear about, or Russian Bots or what have you, are always looking for a new way in.  Many of the updates that come along are designed to block those new hacks.  
As an example, Mac iOS 13.5 actually plugged one of those security holes.  So, no matter if you have a brand new phone, if you don’t update, your data is vulnerable.  If you DO update, as of this writing you’re safe. 

TO UPDATE OR NOT UPDATE?

THEIR ADVICE:  Update.  Then just take a few steps to protect yourself if needed.   As an example, you can manage the contact tracing pretty easily:
COVID-19 CONTACT TRACING That brings us to contact tracing.  The contact tracing software that is part of iOS 13.5.1 isn’t really an app.  Technically, it’s an API, an interface that will work with an app that can be installed at a later date.  So right now, we don’t need to worry that our Bluetooth is registering everyone we come within 10 feet of. But those apps are coming and 38 attorneys general have petitioned Apple and Google to make the API available only to bonafide state and local agencies who are actually going to help eliminate the virus, not people who are trying to sell you something based on who you’ve come in contact with!

See Below for the DETAIL ON HOW the PHONE TRACKS FOR COVID

THE GOOD NEWS.  You can also turn OFF CONTRACT TRACING CAPABILITIES ON YOUR IPHONE on 13.5.1.  Here’s how:
1. Go to SETTINGS
2. Swipe down to  PRIVACY and click
3. Now choose HEALTH
4. Tap COVID-19 EXPOSURE LOGGING at the top of the screen
5. Right now, you’ll need an authorized app before EXPOSURE NOTIFICATIONS can be turned on.  But once that app is loaded and turned on, you can still choose to turn notifications on or off. 
6.  You can also delete the exposure logs manually at any time at the bottom of the settings.
Like so many things that have to do with our online privacy, we have to make an effort to keep our information from being readily available to almost anyone who wants it.
OTHER PRIVACY/SAFETY TIPS FROM AUGUST & USA FORENSIC.  Cyber sleuths like Bryan and Matt, who are in the business take more precautions with their own data than most people—because they KNOW what can be done.  Here’s some of the steps they follow:

Don’t enable facial ID on your smartphone
Use an extra long passcode.  The longer your passcode, the harder to hack.  Hackers use tools that can attempt to figure out your password.  They have files of millions of potential passwords that they will just run on a machine hoping that it hits.  Surprisingly, most people use something that is pretty easy to figure out.
                                                                                                                                                                                BUT, you can set a PW longer than 6 digits.  In SETTINGS, scroll to FACE ID AND PASCODE, enter your current passcode, scroll down to CHANGE PASSCODE, choose CUSTOM NUMERIC CODE and put in as many numbers as you can remember (I use 9 currently)  The only difference is that you have to click OK after you enter the code.  Otherwise, a small price to pay for extra security.  
KEEP YOUR WIFI & BLUETOOTH OFF UNLESS YOU NEED IT FOR SOMETHING. Unless you need to do something important, keep these features off
camera blocker
COVER WEB CAMS AND MICROPHONE ON ALL DEVICES UNLESS YOU’RE USING THEM.  The single biggest computer hack today is someone being able to access your camera and microphones.  It’s so easy that high school kids can do it.  So make sure you’ve got them covered.  We’ve got CREEPBLOCKERS that work perfectly for this on Tech Wellness. 
Faraday crossbody
USE A FARADAY BAG.  A faraday bag, like the ones we have available on Tech Wellness, block signals in and out of your phone. It’s the only way to be truly certain you aren’t being tracked or hacked, even when your phone is turned off!
These easy to follow tips will give you the best chance to make sure that your business STAYS your business in our digital age.
 

 

The world is bubbling with fear and anger and believe me, I don't want to contribute to that energy. 
But it's important that you know that whether you're protesting or protecting yourself and your family from COVID19, you need to be mindful of your privacy.

Apple's latest update comes with a notice that COVID Contact Tracing Is Now Installed in your Phone

First, let's talk about the new "COVID software". OS 13.5 and 13.5.1 both have the new contact tracing coding that powers Apps to alert you that someone around you could be sick.


Are you being tracked? Do you care?
Are you worried about your phone telling some App or some database where you are and what you're doing?
Are you looking forward to knowing if someone around you tested positive for Covid? Would you welcome a ping from you phone telling you that someone nearby was sick?

You have to come up with those answers for yourself, but I'd love to give you the information you need to do that. 

Apple's  official launch of what's being called "Exposure Notification," the contact-tracing for all Apple devices, is based on a Google and Apple joint partnership to create software that will always run in the background of your phone to allow specific apps to track your location and the people who are in that location with you, via Bluetooth.


Apple says the information will go to a data base and then certain health apps will share that information with a view toward protecting you from the people around you that may be sick. While they claim that you have to "opt in" to be a part of the program, the tracing technology will still be on your phone with nothing really stopping it from being used for all kinds of tracking.

Third Party apps are not held to security standards  

According the a recent Business Insider article

For Apple and Google's own exposure notification technology there are strict guidelines in place, including a rule that only public health authorities are allowed to build apps using it. But when it comes to third-party apps, these same standards don't currently apply.

Based on these recent developments and privacy concerns, the Attorney Generals of over 30 states have written Apple and Google asking them to limit the software  so only public health authorities can publish apps that transmit sensitive health information, along with other rules.


A FARADAY BAG STOPS ALL TRACKING --EVEN GPS!

Why Update to IOS 13.5.1?

  • You like the idea of the upcoming what is being called "Exposure Notification"
  • You like the idea that you get an option to automatically share health and other personal information from your medical ID, when you call 911 or Emergency services
  • You're excited about the Graphic Fix to Facetime: which lets you control automatic prominence on Group FaceTime calls so video tiles do not change size when a participant speaks
  • You're noticing "Black Screen" The update fixes an issue where some see a black screen when trying to play streaming video from some websites
  • Update IF you already updated to 13.5.  You really should update to 13.5.1 because it fixes a hacker vulnerability that was found in the 13.5 update.
  • You use Face ID(!) to open you're phone, but you want the manual passcode screen to come up faster when you have a face mask on.  Face masks don't work with Face ID, so the new update recognizes the mask and allows the passcode screen to come up faster than it normally would.
  • You want to be sure that what's been called "One of the Longest Vulnerabilities in IOS History gets fixed:
  • You're uncomfortable with the Contact Tracing capability, so you will turn off BlueTooth whenever you're phone is on-because that's how the Contact tracing functionality is powered.

Both 13.5 and 13.5.1 fixed a problem that was reported in Forbes in May:

In April, Apple acknowledged that every iPhone released in the last eight years was vulnerable to remote attacks through the the IOS Mail App At the time, the company played down the severity of this saying it had seen ‘no evidence’ of exploits but now ZecOps, the security specialist which discovered the flaw, has contacted me with new information that not only is it being triggered in the wild, but that the first potential triggers existed a decade ago and every iPhone ever made is vulnerable

Don't update to IOS 13.5 If You're Concerned At All About Having the Contact Tracking On Your Phone

It's not supposed to work at all if there's not a  health app that designed to notify you of exposure on your phone too.  But alot of people just don't want to take the chance yet. 

It's not supposed to work at all if there's not a  health app that designed to notify you of exposure on your phone too.  But alot of people just don't want to take the chance yet. 

How To Disable Auto IOS iPhone Updates

You can decide IF and WHEN you want to update your software on IOS.  Eventually, Apple makes so many updates that if you don't update, you'll find that some of the functionality of your iPhone won't work as well. But at least for a couple of months, we find that's it's fine not to update.

You'll continue to get messages that the app will auto-update the next time you charge or overnight.  Simply turn on airplane modeion the phone while you charge and the phone will not update.

Here are the easy steps to turn off the auto-update setting.

Go to Settings> Tap General  (That RED CIRCLE One tells you that you have an update waiting to download)

disable auto updates

 

Next Tap Software Update

turn off auto update

 

Next Tap Software Update and you'll see some information about the update.  This 13.5.1 update fixes the hacking bug that came if you updated to 13.5

turn off auto IOS update

At the bottom you'll see where you can choose On or OFF on the Automatic Updates.  Choose Off.

If that's how you feel, don't update, but do consider this one important precaution:
  • If you decide to keep your current IOS and not do the update. ZecOps, the folks who found the security issue recommend deleting the Mail App because of that hacking issue.

Find Out If You Have The  Mail App on your iPhone.  Here's what it looks like:

delete mail app

Here's How To Delete The Mail App To Make Certain Your Phone Isn't Hacked Via The App:

apple mail app how to delete

If you use Gmail, you can access that via Safari or another browser.  But it may just be a good time to try Proton mail , we love that it's encrypted and doesn't have the nasty privacy issues that Gmail does.

What happens when you delete Apples built-in apps from your device? This from Apple:

Deleting built-in apps from your device can affect other system functionalities. Here are some examples:

  • If you have an Apple Watch paired with your iPhone, deleting an app from your iPhone also deletes that app from your Apple Watch Home screen.
  • If you delete the Podcasts app from your device, Podcasts won’t be available with CarPlay.
  • If you delete the Stocks or Weather app from your device, stocks and weather won’t be available elsewhere. For example, you won’t see stocks and weather information in Notification Center on your iPhone or as Complications or Glances on your Apple Watch.
  • If you delete the Calculator app, the calculator won’t appear in Control Center.

To restore an affected functionality, you can add built-in apps back to your device.

Remember, With or Without Contact Tracing Technology Your Location Can Still Be Tracked

We talk about this alot at Tech Wellness and we urge you to be aware that most of the Apps on your phone can track you.  The good news is you have the power to say no by turning off location services or GPS.  Please do.

But then, also remember that as long as your phone can communicate via WiFi or Cell signal, your phone tells Apple or Google or Your mobile provider-- ATT, Verizon, Sprint etc. where you are.

Your Phone Can Reveal Your Location

It's called Geo-fencing and it's how advertisers know to deliver an ad to your smartphone when you're walking by it's store.  But it can also be used to know where you are anywhere--like when you're protesting perhaps.

Read this article to learn about how authorities are using geofence tracking to pinpoint people involved in the recent protests. 

HERE'S HOW YOUR PHONE WORKS WITH A HEALTH APP TO  TRACK COVID 19

  • You've downloaded the latest API with Exposure Notification
  • You've dowloaded a registered health app designed to track Covid
  • Via BlueTooth your phone periodically sends out a Beacon(a cookie of sorts)
  • The Beacon is a string of random numbers-a cookie of sorts that apparently is not tied to your personal data
  • Apple says the numbers change a few times an hour for privacy protection
  • iPhones and Androids will download "identifying positive Covid" beacon keys for everyone who has confirmed to have Covid 19 onto the phones with the API
  • Your phone will process the list of exchanged "positive Covid "beacons in relation to your location beacons
  • Via the Health App you will be notified.

So now what?  

We recommend holding off on updating your iOS while you can. Although Apple makes you update to the latest version eventually. As we wait, we hope to get more information on the details and security measures taken.   

If you have already updated and  are worried about this contact tracing tech, remember that it all happens via Bluetooth and you can go on Airplane Mode or turn off Bluetooth whenever possible! 

 Of course, a Faraday Bag with its complete signal blocking ability is always your best option to be as stealth and safe as possible and we have so many lovely options to choose from.

womens faraday

Here's to staying secure, private and healthy. Be Well! 

 

We asked USA Forensic our Cybersecurity specialist to chat with us about if we should update or not.  Listen to the PODCAST here!

 

I'm so excited to have Matt Erickson and Bryan Neumeister, the cyber-team from USA Forensic.

 


August Brice:                 I always like to talk about some really fascinating thing that you're working on right now. Is there anything that we can talk about today that's exciting? Have you taken apart any phones recently to find something fascinating?

Matt Erickson:              Generally speaking, we're using the exploit to jailbreak iPhones to get a lot more data than what the standard forensic processes can give us and it's way, way more data. Those are phones that are on older hardware and older operating systems. It's scary what you can see. You can see which applications were opened and where they were opened from. If it was the home screen or if it was running in the background, we opened it from there. There's a lot of new details we have access to now.

August Brice:                Now, you said on older operating systems. Does that mean if we keep updating, maybe we can keep people, who might want to find out our business, from finding out our business, if we keep updating?

Matt Erickson:              That's true in anything newer than an iPhone 10. iPhone 10's even on the latest operating system are still vulnerable to exploit for the jailbreak rather. The newer phones and the newer software combined are really, really the best thing for you.

August Brice:                The main reason that we talk about this on Tech Wellness is because I want people to feel really comfortable that their phone is their phone and not somebody else's information. You know what I mean?

Matt Erickson:              Correct.

August Brice:                Tell me, if we do continue to keep our updates, because in part of our recommendations from you, Bryan, we talk about how important it is to keep updating our phones so that hackers can't get into them. So, Matt just talked about how easy it was with this new, whatever software/hardware you guys have, to see really, really incredible specifics about what people do on their phones. So if we keep updating, can we keep the hackers away?

Bryan Neumeiste...:      The idea of an update is a couple of things. One is to plug leaks in the ship, so to speak. The second would be to add new abilities to a phone. The idea with an update is to limit the amount of access people have to your operating system. So with each new update, you're plugging exploits. However, people are always working on new exploits, so it's a continuing battle.

Matt Erickson:              Yeah, that's exactly right. Currently, if you have an iPhone newer than the model 10, then you definitely want the latest operating system. Currently, that is not vulnerable to the exploit. However, iPhone 10 and older, regardless of the operating system, those can still be jailbroken without really much effort at all.

August Brice:                Matt, this leads us to the whole controversy. There is a controversy going on about 13.5.1 because of the new contact tracing. Apple and Google have both said it's not actually an app but an API.

Matt Erickson:              Correct. It requires an official app to function properly, which up to this point, there is not one released for this country. So, those settings are visibly disabled by default within iOS 13.5.1 and newer.

August Brice:                Okay. Right now, what you're saying is we're safe from anybody using that API inappropriately.

Matt Erickson:              I don't know if that's a guarantee, but-

Bryan Neumeiste...:      Safe is a relative term. The genie has been let out of the bottle. That is available to people to run with as they please. Once you let a genie out of a bottle, there's no telling where it's going to end up.

August Brice:                Somebody who probably shouldn't be doing what they're doing could use that API. Am I referring to it correctly?

Matt Erickson:              Yes.

August Brice:                Okay. Could use that API to install something on some phone to find out something that they really shouldn't be sharing.

Matt Erickson:              It's a possibility. I think it would probably be awhile before something, I guess, develops, but the code framework is there. So, I think it's only a matter of time.

Bryan Neumeiste...:      The other thing is who really wants something like this. Law enforcement, of course, would love to have it because you could literally see who's hanging out with who if you're doing drug interdiction or something like that. The question is, does everybody want somebody looking at where they are and who they're with? A lot of apps can do that anyway. They track your habits like Foursquare and those kinds of apps track where you go using the data for regional advertising. The question is, how much of your privacy do you want to give away? I think, it's the coin here.

August Brice:                How much of my potential privacy would I be giving away if I did the update? By the way, I'm still on 13.3. I'm very happy there for now. Because I understand with 13.5, you're very vulnerable. And so if you are on 13.5, you should update to 13.5.1.

Bryan Neumeiste...:      One thing that's important to know is it depends which model iPhone you're using and which software revision you're using, or version you're using because each one has... As Matt just said, the newer iPhones are less vulnerable than the older one. There's so many variables here. It's such an interesting field. It depends on what you mean by vulnerable and who's after you to get what because it does take some handshake between an app and a phone, especially on a jailbroken phone, to access stuff that you have that's private.

Matt Erickson:              Yeah. 13.3 version iOS is vulnerable to an exploit for jailbreaking on every model except the iPhone SE generation two. All other models running that iOS can be jailbroken. Jailbroken phones are going to give you a lot more access to databases that are otherwise not accessible on a standard forensic process. So if law enforcement gets your phone, they're going to be able to jailbreak it very easily and see pretty much everything that happens on your phone, and everything you've done and your passwords, and everything like that.

August Brice:                Okay. Technically, what does jailbreak mean and who can do a jailbreak?

Matt Erickson:              Basically, it's just an altered version of the operating system, to put it simply. It tears down security walls basically, so software can run and do things that otherwise it was not permitted to do.

August Brice:                Can anybody jailbreak my phone? Can somebody get into my phone without holding onto it and jailbreak it?

Matt Erickson:              There's not a method I'm aware of currently that would allow that to happen. It's a method that they have to have your phone in hand to do that.

August Brice:                Okay. That makes me feel a little better.

Bryan Neumeiste...:      Another quick thing is you can set your dataport in such a way that it is not transmitting data unless it's unlocked, so that's an important thing to do on the newer iPhones.

August Brice:                Hey. Can we put that tip on a blog? Can you send that to me-

Bryan Neumeiste...:      Sure.

August Brice:                ... step by step how to do that?

Matt Erickson:              Yeah, absolutely.

August Brice:                Great. Also, I'd really like to make this easy for everyone. So, can we get some sort of a chart or a schematic showing if you have this iPhone, you should be doing this version? Because you said all the versions we're different.

Bryan Neumeiste...:      Yes.

Matt Erickson:              Yes, that's correct. There's a snippet of what I sent yesterday that I'm happy to provide that's hosted publicly on a Reddit page that is used directly by one of the big forensic tools that we use.

August Brice:                I'm shy about updating to 13.5.1 because I feel like it's opening up for not somebody who might jailbreak my phone but just for my health insurance company to eventually know something about me that probably should be private.

Bryan Neumeiste...:      Well, there's a way to shut off the actual Bluetooth update that they installed. I think we can send you a map or a graphic of that.

August Brice:                You mean just how to turn off auto updates? Is that what you're saying?

Bryan Neumeiste...:      No, how to turn off that particular vulnerability for Bluetooth that if they do have a national app they can use the iOS update with, there is a way to shut that particular piece of data down.

August Brice:                We will do that as well. Great. Okay. But like you said, Bryan, before, if it gets into the hands of the wrong person or the wrong mega developer and they somehow can access this information because of this new API that was put in, what's something that could happen to just about anybody?

Bryan Neumeiste...:      Well, again, it's not a matter of if, it's a matter of when, as it always is when new technology comes out. That's just the nature of the business. It's really a Pandora's box. There's no way to tell how it can be used at this point, but there is a way to shut it off with the current operating system. Even if somebody does download an app, there's a current way you can shut it down. We'll send you a graphic on that so that it's very easy for people to make sure that even if they do get the app, that they're not transmitting their data.

August Brice:                Okay. This is interesting because at this point, I'm not updating. But as I get more information, and this is what I've told my community, if you're unsure about it, give it some time. Let's get all the information on the table. Let's find out other people's experiences. Because as these things roll out, generally within a month, you know all of what are they, they're not-

Bryan Neumeiste...:      Well, they're very often in the computers. For example, if you're running a Windows or Mac computer, you're going to get constantly updates. It's best usually to wait a bit, especially on Windows updates, to see what the community out there thinks of the update. Because with every change, there are programs that may not interact well with the frame network, frame updates or something of that nature. So very often, programs aren't compatible right away with the update and it might take them a little bit to catch up. So, you might not want to update your computer right away to the latest, greatest until you find out if the programs you're running are compatible with the update. That's going to be pretty apparent by what people are saying online.

August Brice:                Right. We're going to get more information about this particular one. You know what's interesting? I've turned off my auto updates. I typically do not ever go on Wi-Fi, so that's a good thing. But, I do connect to the internet. My auto update hasn't come through. However, I've had several people comment on the post that I said, "Hey, be careful about auto updating to 13.5.1." Tell me that their phone auto updated even though it was disabled, the auto update function was disabled. Have you heard about that? Is there anything we can do to prevent it just in case?

Matt Erickson:              I have heard about that. I've seen many cases where people are very unhappy about that. They confirm their auto updates are off and they did get the update.

August Brice:                What happened and how can we stop it? How can we tell people to stop it and how come I'm so lucky that it hasn't auto updated?

Matt Erickson:              I suspect it's the people that are already on 3.5 that are getting pushed to 3.5.1.

August Brice:                Oh, okay.

Matt Erickson:              This isn't confirmed, but I suspect it's because Apple deemed update critical to patch the new vulnerabilities. I think that's just something they push through for people that are on the preceding operating system.

Bryan Neumeiste...:      Now, the workaround would obviously be if you turn off your Wi-Fi and you're on LTE data, you turn off your LTE data so it's just for voice. You're shutting down your data in and out over your phone system. There's a way to do that inside, a very simple way to just switch off what the phone does. It was originally put there for people that had limited data plans, but also a good way to shutdown stuff from coming into your phone because it just-

August Brice:                Great.

Bryan Neumeiste...:      ... does it for communication.

August Brice:                Okay. And so, what will I lose if I turn that off?

Bryan Neumeiste...:      Literally, any data from texts to whatever coming in.

August Brice:                Okay. So, am I taking away too much functionality?

Bryan Neumeiste...:      If you're using your phone as a phone and you're out there driving or whatever, that's one thing when you're out there. This is one thing I think we do just because we are in this field is we shutdown Wi-Fi and Bluetooth when we're not using it. We don't walk out the street with Wi-Fi and Bluetooth on. It's just senseless. You're just a beacon. So, it's a lifestyle choice. It's very simple to do. It's like picking up your car keys, you just do it before you walk out the door.

August Brice:                Exactly. I do it because I don't want to be exposed to the EMF.

Bryan Neumeiste...:      Yeah, everybody's got their own reasons. But if you want to be reasonably a little bit more secure, turn off your Wi-Fi and Bluetooth while you're walking around. I don't connect my iWatch to my Bluetooth except for updates.

August Brice:                That's another important point, Bryan. The iWatch, it's updating as well, right?

Bryan Neumeiste...:      Yeah, it should. The tracker is supposed to be able to work with the iWatch as I understand it too. There is no app that will accept or will use that new update yet because there's no national app that's been approved for it. So, it's just kind of sitting there lurking, but your iWatch is just as much of a beacon as your phone is in many cases.

August Brice:                Can I read you one of the comments from someone who was very frustrated because they got an auto update?

Bryan Neumeiste...:      Sure.

August Brice:                Okay. This is part of the comment. She says, "I check my Apple Health tab daily to make sure the CV tracking remains off. I'm aware that it's just the API though I don't trust them." So, do you think it's important, after you've downloaded it, to check your Apple Health tab every day to make sure it's not running somehow in the background?

Matt Erickson:              There's definitely no harm in checking. I don't think there's going to be any possibility for it to be enabled or functioning until that national app is released to the public. No one knows when that's going to happen. But yeah, there's no harm in checking. You just go through your Health settings and make sure the COVID tracking is disabled. It's got some way doing that.

August Brice:                Every day, just in case, that's what she's doing. And then, she says, "When I go out, I have changed my normal behavior where I used to use my iPhone for many things like notes, lists, calendar, store, coupon apps, et cetera. Instead, I've invested in a Faraday bag and I put my cell phone on airplane mode and in my bag," which is awesome. She got one of my bags and you guys use a Faraday every day as well. That's how I roll that it's really interesting. Because as I read this, because this is the way I operate, because I read it from somebody else, I think, "Oh my gosh, really? The problem is it's not our phone, it's their phone." You know what I mean? It's like, "It's Apple's phone." She can't use it for notes and lists because she understands now it really isn't her information. It could be anyone's information.

Bryan Neumeiste...:      I think people forget to read the ULA agreements and we're all guilty of that. Because for example, if you upload a photo to Facebook or to any app like that, they own it. That's in the ULA agreement. It could end up on a billboard and you have no rights to it depending on which app. So, these are the things you have to understand. But in general, I think just one of the things when you're mentioning that Health app there, in forensics, when you're doing a cellphone, the most data is going to be in the Health app. The thing that takes the longest is the Health app. It just eats up data on your phone. Matt, you deal with that every day. Why don't you walk through that?

Matt Erickson:              Yeah. It processes steps and flights climbed and heartbeat, and all that. That amount of data is just massive on a device. I think the quantity of entries is really what takes it so long to process. But when you have that enabled, it is tracking as much as it can track at all times.

Bryan Neumeiste...:      Yes.

August Brice:                And so really quickly, you go into settings and you scroll down, and you find the Health app and you disable. Is there anything other than that to do?

Matt Erickson:              That should cover it.

August Brice:                But, this person looks everyday just to make sure it isn't somehow toggled on, which is interesting because sometimes, things just update automatically. All of a sudden, you're looking and you're like, "Wait, I didn't have Siri on for anything. Now, Siri's on for everything." It's crazy how it is out of our control.

Bryan Neumeiste...:      Literally, every time there's a computer update, I go through my privacy on my computer and spend 20 minutes making sure that everything is shutdown because there's so many ways they want to grab data from you, from browsers to whatnot. But every time you do an update, they usually want to reset all the privacy settings. That's the first thing you've got to do is go through that. That's just nature of the beast.

August Brice:                Exactly. That's why, as a rule, I don't auto up and I turn auto update off on everything. But then, I go in. I look and I go, "Oh, hey, it says that Instagram needs an update." And so of course, I want to update Instagram because I just want to make sure that they're protecting my safety to whatever extent they can. And so, I'll do the update and then I'll find that other things are affected. It's crazy.

Bryan Neumeiste...:      Yeah. It's very much that way with computers and I say for Windows users. For me, NET Framework update's always been the thing that causes issues with the type of programs we run. That's just something that the developers for forensic materials aren't huge companies, so they don't often get the framework to work with before it comes out or very shortly before it comes out. So, there's all of a sudden catch up in lag time. So, you don't want to be updating until that's patched by the manufacturer of the forensic software.

August Brice:                Right. We're talking about iPhone, but actually this is an Android update as well. I understand with the Android, you didn't even get the opportunity to say no, don't update. Is that true?

Matt Erickson:              I haven't seen Android version that released that directly, but that's what I'm reading as well. It's just basically on for Android.

August Brice:                Right. It's on. You don't even get a chance to say no. They're saying, "But wait, it's not an app, it's just API." So really quickly, define API.

Matt Erickson:              It's an application programming interface. Essentially, it's just a way for applications to communicate with data within the operating system. There's certain functions and features built into any operating system. The API just enables developers to create an application or a function of some sort that communicates with the data stored in an operating system.

August Brice:                Okay, so it's all ready for the app. For any app that might want to use whatever that secret sauce is that enables the tracking, it's ready.

Matt Erickson:              Exactly.

August Brice:                That's scary. I want to ask you guys, are you updated? Did you update?

Matt Erickson:              Yes.

August Brice:                You did?

Matt Erickson:              Yes.

August Brice:                Okay. What are you going to say to me because I didn't update? I'm at 13.3.1.

Matt Erickson:              What model phone are you running?

August Brice:                I have an XS Pro on 13.3.

Matt Erickson:              From my standpoint, your phone's vulnerable to the exploit for jailbreaks at this point. So if someone did get their hands on your device, they could install that jailbreak and basically see everything. I mean, everything.

August Brice:                I'm not so worried about that because, first of all, I don't expect to be picked up.

Matt Erickson:              Right.

August Brice:                I don't expect to be in a situation where anybody has my phone because my phone's typically at home. It's just the way I use my phone. I don't really use it that much. And so, I text and I Signal and I ProtonMail. Hey, Bryan, what's the latest app we're supposed to be using other than Signal? What's the latest one?

Bryan Neumeiste...:      Threema. Threema is what we've switched to. Signal is vulnerable to us. In fact, we can actually extract Signal at this point. So, what it used to have was some bit of... It was elusive to forensic apps now, that's no longer the case, depending on a number of factors. But let's just say in general, that bridge is across now to Signal.

August Brice:                Okay. I'm heading over to Threema. That's how I use my phone. It's basically just for texting communication, online on my computer.

Matt Erickson:              Let me clarify one thing. It doesn't require a law enforcement to jailbreak the phone. So if you're walking along and you drop your phone on the street by accident, and you don't realize that anybody that's tech savvy can pick up your phone, and if you're on the latest version with your exact model, they're not going to be able to do a jailbreak and see any of your data. If you are vulnerable to a jailbreak, they can install that very easily. There's a lot less security holes in the later operating system. They're going to be able to exploit and see anything, just in case you lose your phone.

August Brice:                So then, I should update to 13.5.1 is what you're telling me?

Matt Erickson:              Correct.

Bryan Neumeiste...:      Yes. Also think of this, if you have any corporate or personal data on there you wouldn't want to share, it would be vulnerable as it is. With the new update, it wouldn't. That's something you know. Of course, you obviously have your face ID off and any kind of palm reader on.

August Brice:                Of course.

Matt Erickson:              I can tell you this, with the phones that I do where I jailbreak them to get more data, it tells you everything. If you're running a phone that's not able to be jailbroken, email is by default encrypted on a device. So just a standard extraction, we can't see email.

August Brice:                That's good.

Matt Erickson:              Yeah. But with the jailbreak, it shows you everything.

August Brice:                To that point, it's probably recording anyway even though I haven't enabled it.

Bryan Neumeiste...:      No, because it would show on the amount of data used in your hard drive space or your drive space basically.

Matt Erickson:              If you open up your Health app and look at your number of steps, if it's showing you steps, then it's definitely recording.

August Brice:                Yeah. No, it's not.

Matt Erickson:              But if it's not, then it's not running.

August Brice:                I tell people because we were like, "What Faraday Faraday?" You know what I mean? It's like, it's the GPS. You were saying, though, somebody would physically have to have possession of my phone to do a jailbreak.

Matt Erickson:              Correct. Yes.

August Brice:                Anybody, somebody, it might not be somebody nice. It might not be the police. It could just be some idiot who's out to get me.

Matt Erickson:              Right.

Bryan Neumeiste...:      Corporate espionage would be somebody steals your phone and gets your corporate texts. That would be something.

August Brice:                Okay. And so if I update, won't there be somebody that's creating something that allows that jailbreak on the next update too?

Matt Erickson:              Always.

August Brice:                Okay.

Matt Erickson:              That's in progress, for sure. But these days, there's two hurdles for them. It's not just the operating system. There's also encrypted hardware around the chips that are in the phone. So, it's taking them much, much longer these days to get those going.

Bryan Neumeiste...:      For example, if somebody installed a nanny app or something like that, it also blocks transmission. Don't limit yourself to the amount of they give you a default amount of numbers for your password. Add a couple because that requires you to use the okay button. The okay button circumvents the GrayKey hack, which is a long way around of saying if you add a couple of numbers to your passcode, like just two numbers, that's going to make it a lot safer than the standard set up that comes from the iPhone.

August Brice:                What about alphabetical? Would you recommend alphabetical over numeric?

Bryan Neumeiste...:      It's the same. It doesn't really matter. You're just pushing buttons basically, an unlock sequence. But if you add to unlock sequence, you're changing the default, which is what most GrayKey and those kinds of cracking apps look for. We have ours with more digits. You'd have to do one more step to open our phones than you would with a normal iPhone.

August Brice:                But, I have a long sentence.

Bryan Neumeiste...:      You used a statement, you're good.

August Brice:                Oh, it's fun. Thanks, you guys. Matt Erickson, Bryan Neumeister, USA Forensic, thank you so much for almost convincing me that I better update to 13.5.1.

More Tech Wellness Topics

5G
DIY
EHS

Leave a comment

Please note, comments must be approved before they are published