Tagged: IoT Toggle Comment Threads | Keyboard Shortcuts

  • Geebo 8:00 am on July 9, 2020 Permalink | Reply
    Tags: , IoT, , security cameras,   

    Burglars don’t have to hack your camera to see if you’re home 

    Burglars don't have to hack your camera to see if you're home

    We’re pretty sure that we’ve all seen the stories of homeowners and families getting their home security cameras hacked. Usually, it was done by an internet prankster or troll who posed no real danger to the people in the home although some of the pranksters took the joke too far by scaring some of the families. The cameras are normally hacked when the residents use weak passwords for their wifi or the cameras themselves. Now some security experts say that crooks don’t even need to hack your camera to tell when you’re not home.

    According to security researchers from a British university, home security cameras that are connected to the internet send out different rates of data depending on the amount of movement being recorded. To keep down the price of the cameras, the data is unencrypted. However, a potential burglar could be able to tell when no one is home by the amount of data the camera is sending out. The higher the amount of data that’s sent out, the greater the likelihood is that someone is home.

    Thankfully, for right now anyway, this is all theoretical. There are no records of anyone using this exploit to rob a home. A thief would have to have intricate computing knowledge to be able to find the exploit. Not just anyone with a phone or a laptop can come up to your home and easily determine your camera’s data output, yet. The researchers are quick to add that there is potential for someone to make software to make the operation easier.

    This does show yet another flaw in smart devices connected to the internet known as the internet of things. IoT devices aren’t always as reliable as their manufacturers claim they are. If any device is connected to the internet, there is always a chance that it could be hijacked, hacked, or attacked.

     
  • Geebo 9:00 am on December 31, 2019 Permalink | Reply
    Tags: , , , IoT, Wyze   

    Another security cam company has data breach 

    Another security cam company has data breach

    You may have recently seen that Ring cameras have not been having the best time of it in the news lately. If their cameras aren’t being hacked by internet pranksters, they’re making headlines for a potential data breach. Because of this, you may be considering using a Ring competitor to monitor your home. If you are, you may want to choose carefully as a Ring competitor just had a massive data breach that makes Ring’s look like a minor oversight in comparison.

    A cybersecurity firm recently announced that they found the security company Wyzed had exposed the personal information of over 2 million customers. Wyze themselves said the breach came about from a database error that led to the server’s security protocols being removed. The data was exposed from December 4th until the 26th when Wyze was notified of the breach. To Wyze’s credit, they rest all the security tokens for their customers requiring them to reset their login credentials.

    However, there is something in reports that should cause concern among Wyze’s users. The cybersecurity firm that found the breach has also claimed that data was being sent to the Alibaba Cloud in China. Wyze says they do not use Alibaba Cloud and that they do not share data with any government agencies. While Wyze may not be sending data to the Chinese government is it possible that they’re just taking it instead?

    If you are a current Wyze customer, you should be on the lookout for identity theft scams such as phishing attacks.

     
  • Geebo 9:00 am on December 24, 2019 Permalink | Reply
    Tags: , , , IoT, ,   

    Ring denies massive data breach 

    Ring denies massive data breach

    Ring’s cameras have been in the news a lot lately. Sometimes it’s for good reasons like footage from a Ring camera led to the arrest or conviction of a criminal. However, most of the news seems to have been bad for Ring. Throughout 2019, there was a rash of news stories where hackers and internet pranksters would access someone’s Ring security camera to try to harass or scare a random family. Ring keeps claiming that these security breaches happen due to two-factor authentication not being enabled. But how can that explain close to 4,000 Ring account credentials being exposed on the web?

    BuzzFeed News reported on the alleged breach after they were contacted by a security researcher who found the exposed credentials online. When Ring was asked about the breach, they claimed that there was no breach at all. A Ring spokesperson claims that the credentials were harvested from other data breaches outside of Ring and that Ring customers were just using the same passwords and logins as their Ring service. While that’s statistically improbable, it could be true. Except, BuzzFeed showed the customer credentials to more security experts who noted that the credentials contained Ring specific data such as camera names that customers use. Reportedly, this kind of information can’t be gleaned from outside of Ring’s network.

    If you are a Ring customer, we would recommend changing your login and password as soon as possible and to enact two-factor authentication. With 2FA enabled, it will make it more difficult for someone to access your home cameras. Also, if you’re using the same login and password for other online accounts as you do with your Ring setup, you change them immediately as well. And never use the same password across multiple online accounts. Once one of those accounts become compromised, then they all do.

     
  • Geebo 9:00 am on November 8, 2019 Permalink | Reply
    Tags: , , , IoT, ,   

    Is your Ring doorbell at risk of attack? 

    Is your Ring doorbell at risk of attack?

    Ring Doorbells have become very popular over the past few years. Not only does it offer the convenience of knowing who’s at your door while you’re not home, but it also records any interaction that occurs at your front door. With the assistance of Ring Doorbells, all sorts of interlopers have been caught ranging from porch pirates to home intruders. They’ve become so popular and ubiquitous that police stations around the country are recommending residents install one and become part of a police network of cameras. So, it should come as no surprise that bad actors may want access to your camera.

    Amazon, owners of Ring, recently announced that there was a vulnerability in Ring Doorbells that could have exposed your wifi password to attackers. During the authentication process, the communication between your doorbell and the was unencrypted leaving your wifi password open in plain text and potentially available to hackers. While any attack wouldn’t be able to control the camera itself, once your home wifi is vulnerable an attacker could compromise any number of systems especially if you have a number of smart home or internet of things (IoT) devices.

    Thankfully, Amazon patched this vulnerability before they made it public knowledge. That’s not even taking into account that any attack against the doorbell would have to happen at the precise moment of authentication and the attacker would need to be in range of your home wifi. The chances of a hacker being on your property at the time of authentication are very slim. However, this does show that no smart home or internet-enabled security device is foolproof. When purchasing such a device, do your research in finding out which ones are the most secure and which ones receive regular updates from the manufacturer. Otherwise, you could be as secure as leaving your front door unlocked.

     
  • Geebo 8:04 am on October 21, 2019 Permalink | Reply
    Tags: , , , IoT, , ,   

    Smart home camera hacked in baby’s room 

    Smart home camera hacked in baby's room

    A California CEO has written a column for The Mercury News where he relays the tale about how his smart home camera system was hacked. It is quite a rather harrowing tale as the digital vandals used the speaker on the camera in the baby’s room to harass the family’s nanny. The anonymous voice on the other end of the camera was using profanity and even threatened to come take the baby at one point. It wasn’t until all the cameras were disconnected did the harassment stop. The father later found out that this is a fairly common occurrence with internet-connected cameras, specifically the brand that he was using.

    The father then tried contacting the technical support arm of the corporation that manufactures the cameras and was on hold for over an hour. He also received emails that continued to push the idea of two-factor authentication to keep out would-be pranksters. The father was not satisfied with this response and has vowed not to use this brand of camera ever again. His outrage can be understood especially for parents with young children because you can never truly know who is watching your home while you’re unaware. A more sophisticated criminal could use such information gleaned from home cameras to tell when a home may be vulnerable to being robbed.

    While the camera maker’s customer service may sound a little tone-deaf as far as the father’s mistrust is concerned, their advice about two-factor authentication is not wrong. 2FA, as it’s known, can go a long way in preventing these cameras from being hijacked. Also if you use the same password across multiple services you could be compromising your security greatly by making it easy for hackers to gain access to your devices. In this case, you may want to try some of the more reliable password managers out there. As we have said before, if you don’t take your internet security more seriously, it’s like having the most expensive lock that you just leave the key in.

     
  • Geebo 8:00 am on October 7, 2019 Permalink | Reply
    Tags: , , , , , IoT, , , virtual assistant,   

    Beware the activation fee scam for new devices 

    Beware the activation fee scam for new devices

    In the past, we’ve discussed a couple of scams that could affect new owners of such devices like the Amazon Echo or the Google Home. The first was using unofficial apps to help you get your device activated. The second was using your virtual assistant to look up phone numbers for you which could result in being connected to scammers posing as services you may not use that often. Now, the Better Business Bureau (BBB) is reporting a new scam that could affect new owners of these devices and this scam could cost users money.

    This new scam kind of resembles the unofficial app scam. The difference with this scam is with fake phone numbers posing as technical support for many of these devices. If someone were to do a web search looking for a technical support number for one of these devices the number that appears may not be that of the company who made the device. Instead, it may belong to scammers who are going to try to get you to pay an ‘activation fee’ while posing as companies like Amazon and Google. This scam not only applies to devices like this but to many other services as well such as anti-virus and printer support just to name a few.

    If you have technical trouble setting up any kind of device or service it is always recommended that you go to the manufacturer’s or distributor’s website to locate the proper customer service number. Scammers will use search engine optimization (SEO) tricks to try to get their phony number listed first on search engines even above those of the legitimate manufacturer’s. Also beware of any technical support that tries to get you to pay for their service using gift cards, prepaid debit cars, or money transfers. That is guaranteed to be part of a scam as once the money is paid, it will be next to impossible to recover from a scam artist.

     
  • Geebo 8:00 am on September 26, 2019 Permalink | Reply
    Tags: , , , IoT, , ,   

    When a smart home isn’t so smart 

    When a smart home isn't so smart

    Many people think that they are better securing their home by installing smart devices. These devices can range from anything from cameras to door locks and anything in between. These classes of smart devices are known as the internet of things or IoT for short. That means that these devices are connected to the internet so the user can control them from just about anywhere. The major drawback to IoT devices is that they can also be controlled by bad actors if the user isn’t careful.

    A couple in Milwaukee found that the hard way this week when someone was able to take control of some of their smart devices. The couple had a nest camera and thermostat installed. When one of them came home they found that the thermostat was set at 90 degrees. After that, someone started verbally harassing them through the speaker on their security camera. Even after the couple changed all their passwords the abuse continued until the devices were disconnected. The couple lays the blame at Nest, which is owned by Google, but the fault may lie elsewhere.

    It’s not hard to hack into IoT devices if the users are using the same password or weak passwords to secure their network and devices. Also, as we discussed with the recent YouTube hack, two-factor authentication (2FA) should also be enabled on these devices. While 2FA has its own flaws, it’s more secure than using an easily guessed password. These devices are designed to help protect your home, but if you’re not using 2FA it’s like having the most expensive lock that you just leave the key in.

     
c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel