Greg's Corner

Tagged: cybersecurity Toggle Comment Threads | Keyboard Shortcuts

• 

  Geebo 8:04 am on October 21, 2019 Permalink | Reply
  Tags: 2FA ( 11 ), cybersecurity, internet of things/ ( 7 ), IoT ( 7 ), security ( 46 ), Smart Home ( 5 ), two factor authentication ( 17 )   

  Smart home camera hacked in baby’s room 

  

  A California CEO has written a column for The Mercury News where he relays the tale about how his smart home camera system was hacked. It is quite a rather harrowing tale as the digital vandals used the speaker on the camera in the baby’s room to harass the family’s nanny. The anonymous voice on the other end of the camera was using profanity and even threatened to come take the baby at one point. It wasn’t until all the cameras were disconnected did the harassment stop. The father later found out that this is a fairly common occurrence with internet-connected cameras, specifically the brand that he was using.

  The father then tried contacting the technical support arm of the corporation that manufactures the cameras and was on hold for over an hour. He also received emails that continued to push the idea of two-factor authentication to keep out would-be pranksters. The father was not satisfied with this response and has vowed not to use this brand of camera ever again. His outrage can be understood especially for parents with young children because you can never truly know who is watching your home while you’re unaware. A more sophisticated criminal could use such information gleaned from home cameras to tell when a home may be vulnerable to being robbed.

  [youtube https://www.youtube.com/watch?v=Tgfg4Dv2B2M%5D

  While the camera maker’s customer service may sound a little tone-deaf as far as the father’s mistrust is concerned, their advice about two-factor authentication is not wrong. 2FA, as it’s known, can go a long way in preventing these cameras from being hijacked. Also if you use the same password across multiple services you could be compromising your security greatly by making it easy for hackers to gain access to your devices. In this case, you may want to try some of the more reliable password managers out there. As we have said before, if you don’t take your internet security more seriously, it’s like having the most expensive lock that you just leave the key in.

   

  Leave a ReplyCancel reply
• 

  Geebo 8:00 am on October 15, 2019 Permalink | Reply
  Tags: cybersecurity, phone security ( 6 ), privacy ( 46 ), security ( 46 ), sim jacking ( 3 ), sim swapping ( 8 ), smart phones ( 13 )   

  SIM Swapping can cost you thousands if you’re not careful 

  

  Freelance British food writer Jack Monroe recently made news when she found out that someone stole the phone number to her smartphone. They were then able to transfer the number to another phone where they had access to some of her financial information and were able to steal £5,000 from her personal account. That amount equates to close to $6,300 in the U.S. This is a trick known as SIM_Swapping or SIM-Jacking named after the SIM cards in most smartphones that contain your calling information including your phone number. Unfortunately, there’s not a lot you can do to protect yourself against the attack.

  SIM Swapping works when the victim is targeted by someone with knowledge of how the attack works. First, they get your name, address, and date of birth, then they contact your cell phone carrier to try and convince them that they are you. If the attacker is successful, he can get the carrier to switch your number to their phone. The attacker can then receive all your calls, texts, emails and the like. That way they can receive the two-factor authentication texts that would allow them to access any of your sensitive online accounts including banking.

  [youtube https://www.youtube.com/watch?v=6occS3PyOss%5D

  While most victims of SIM Swapping don’t notice the attack until it’s too late, there are some steps you can take to try to protect yourself although nothing is a guarantee of preventing such an attack. You can instruct your cell phone carrier to require a PIN number if anyone calls to try and have any portion of your service changed. As with most PINs, don’t make it something obvious that an attacker can guess like your birthdate. You can also sign up for a Google Voice number which is much more secure and tougher to attack than a traditional cell phone number but work just like a traditional phone number and they are also free to get.

   
• 

  Geebo 8:00 am on October 9, 2019 Permalink | Reply
  Tags: 2FA ( 11 ), advertising ( 11 ), cybersecurity, phone security ( 6 ), security ( 46 ), Twitter ( 13 ), two factor authentication ( 17 )   

  Twitter leaks phone numbers to advertisers 

  

  We’ve mentioned two-factor authentication, or 2FA as it’s known, a few times lately. It’s the security protocol that has two or more layers of authentication that better secures your online accounts. The most common form of 2FA is through text messaging. For example, if you have 2FA enabled, when you sign in to an online account not only would you have to provide your password but you’d also have to provide a code that had been texted to you. While authentication sent through SMS texts isn’t the most secure form of 2FA it is better than nothing. However, thanks to so many platforms using SMS texting for 2FA it has led one platform to issue an apology recently.

  [youtube https://www.youtube.com/watch?v=07mRDyydCNY%5D

  Twitter recently announced phone numbers that users had registered with them for two-factor authentication were used for targeted advertising. The numbers were used to match users to marketing lists provided by advertisers. In some people’s eyes, that goes against everything that 2FA is supposed to stand for. One security expert even compared Twitter’s practice to that of trying to secure a tent against bears by using raw meat.

  Like we said, While SMS text messages are the most common form of 2FA, they’re not the most secure. There are alternatives that you can use that are more secure. There are hardware keys that act as authenticators that can be used on both computers and mobile devices. There are also software alternatives that are free, that create something along the lines of a temporary secondary password that can be used for the second layer of authentication. This way, you won’t have to worry about even more robocalls from advertisers and other bad actors from plaguing your phone.

   
• 

  Geebo 8:00 am on October 3, 2019 Permalink | Reply
  Tags: cybersecurity, formjacking, security ( 46 )   

  New online attack is undetectable! 

  

  With most online threats there is a lot that consumers can do to protect themselves. For example, with phishing attacks, you can go to a website directly rather than using the link provided in an email or text. To avoid malware you can avoid risky websites and install an anti-malware program in case you do get infected. However, security experts are now warning about an online threat that has virtually no protection. It’s called formjacking and there’s no way to detect it until it’s too late.

  Formjacking is when a third-party injects code into a secure website that uses forms for anything from a job application to payment methods. If a website has been compromised then the attackers can lift any information submitted through the form. As you can imagine, this can include your home address, your social security number, and any credit or debit card numbers. The only defense against formjacking is for the company that owns the website to do a constant review of the site’s code to make sure there is no malicious code in there.

  [youtube https://www.youtube.com/watch?v=zeRxFynfvLE%5D

  Not all hope is lost though. There are services that can provide you with temporary charge card numbers that can be assigned to individual services that you may use. Your bank or credit card provider may also offer such a service. Both Google and Apple Pay are reportedly said to be secure as well. But we fill out so many forms online there isn’t anything that can guarantee 100% protection. Your best defense is to keep a watchful eye on your charge statements and credit history to make sure that no one has lifted your information and used it for their gain.