Thursday, August 27, 2015

Keys to the vault


iPhone®s have a feature that enables users to share files via Bluetooth®. You simply activate Bluetooth® on your phone and search for the other person’s phone signal. Rather than sending several emails or texts with photos, it is a simple file transfer. We successfully completed this method of file sharing in a public setting. Very simple and convenient. What was noted was the number of open Bluetooth® connections that were also within range. This is like walking around with your purse wide open or leaving your car keys in the door lock.

Bluetooth® use developed slowly, but once other technology caught up its use exploded. Bluetooth® was developed in the early 1990s. It wasn’t until 2000 that the first mobile phone with Bluetooth® technology came to market. In 2001, laptops and peripherals (printers, earpieces, car kits) came to market. The next several years produced everyday items that could connect via Bluetooth®, such as TVs, glasses, watches, and appliances. Around 2005 is when Bluetooth® became a popular feature on phones. After Smartphones took off in 2007, it became a standard feature, and every year since, more uses between phones and other devices have been released.

Hacking into Bluetooth® began almost as soon as it became widely available on phones. Once consumers began using their phones for more financial exchanges and social media, hackers seized on the opportunity to exploit users’ lack of knowledge regarding security and Bluetooth® connections. Most phones activate the Bluetooth® feature at startup. The user has to purposely turn off the connection. However, few do, either because they are unaware or because they actually use features such as earpieces or car connections. When not using the devices, users leave their phones in discoverable mode.

Hacking exposure

As with Wi-Fi, hackers love sitting in public places scanning for phone signals. They set up shop in common, high traffic (use) areas by sending an open Wi-Fi signal or intercepting Bluetooth® connections between phones and peripherals. Bluebugging is a term to describe identity theft by hacking access to mobile commands on Bluetooth®-enabled devices that are in discoverable mode. Your phone is tricked into thinking that it is connected to the peripheral when it is actually connected to the hacker’s device. Once the connection is intercepted, the hacker can take control of the device and/or retrieve data.

In July 2015, hackers successfully hacked into the system of a Jeep Liberty, taking control of the vehicle’s comfort, operational, and safety systems, to include braking. This was done purposely to prove the vulnerability to automakers. But if one person figured it out, you can be sure there is a long line of others.

As of this writing, research revealed there was little data regarding the number of Smartphones or personal accounts used on Smartphones that are hacked. It is doubtful that the lack of data is due to a low occurrence, but rather to a lack of realization, little reporting and/or notice by the media. You may occasionally see a flip phone or non-Smartphone, but these types of phones are becoming rare. Many carriers do not offer these types of phones. There are an estimated 183 million Smartphone users in the U.S. alone, 2 billion worldwide. Next time you’re in public, take a moment to look around and let it sink in how many people around you have phones. Probably safe to say everyone.

New target

Just as your home computer became vulnerable in the 1990s, your phone is now the target. Only with your home computer you almost have to invite the hacker in through malware or an ill-advised website visit. Your phone, on the other hand, is with you all the time, exposing its signals to the public wherever you go.

Most times you won’t even realize that your phone has been hacked. Not until strange social media posts surprise you or you notice withdrawals from your bank account. Your home computer will get a virus. Your email account will be hacked. Your credit card information will be stolen. And growing every year, someone will be kind enough to file your taxes for you, for the small fee of receiving your refund.

Eventually your phone will be hacked. The best you can do is try to limit your vulnerability by keeping the doors shut. Limit your public broadcasting of a Bluetooth® signal and use of public Wi-Fi. Turn off your Bluetooth® when not needed. If you do use password-protected accounts through public connections, change your passwords after each use. Watch your data usage for spikes. Constantly check your financial accounts as part of your regular security routine.


Tuesday, August 4, 2015

What did you just say?

Just like online security, our day-to-day conversations with strangers can threaten our security. Most of the areas where we express ourselves online are password protected. We can go back and edit things that were written and change our personal data in profiles; Google even has an “unsend” feature for email. The spoken word cannot be retrieved as easily. Sometimes we just talk too much to the wrong people. We either offer up personal information or unknowingly provide it when prompted by a stranger who knows how to extract information.

Every neighborhood has door-to-door salesmen. Are they pushing product or gathering intelligence? Some criminals pose as salesmen, going from house to house trying doors, hoping not to run into anyone and making note of what they can: alarm signs, cars in the driveway, shrubbery, lights, the presence of dogs, etc. Some are bolder, selling random products, services, or free estimates, looking to speak to homeowners, gain their trust and glean the information they need through conversation.

A conversation was overheard between a female neighbor and a salesman. The gentleman was selling organic cleaning products. He was very charming, loquacious, and had quite the patter. Throughout a ten-minute, low-key, no-pressure conversation in which he demonstrated his product, the salesman was able to determine that the lady was willing to open the door, home alone during the day, with one two-year-old child, and no dogs. By sight he could determine her age, physical makeup, and the basic layout of the home as seen through the front door. He never really asked any direct questions, but through friendly conversation the lady was put at ease and freely provided the information.

Running con games on people isn’t the oldest profession, but it’s been around a long time. People trying to trick and deceive are excellent speakers. You can be in the middle of a conversation and giving up details before you realize it. They manipulate conversation to their advantage. Mind reading acts don’t actually intercept your brainwaves; they pick up on subtle cues that are provided through your words and body language. Pronouns and conjunctions can provide a lot of information if you know how to listen.

We do not want to be rude to others. We want to be friendly. So it’s easy for others to approach and engage in what seems like innocent conversation. The trick is finding that line that allows us to be nice without providing our biography.