Wednesday, August 14, 2013

Peek-A-Boo. I See YOU

In case you missed it, there is a breaking story today about a family who used a webcam as the baby monitor. A hacker was able to locate the camera (easy to do), then move the camera to see around the room, and then actually spoke to the child through the camera!

For the complete story, click [here]. 

Clearly this is disturbing for a number of reasons, not the least of which is that a criminal or predator now has the ability to “see behind closed doors” and know exactly what you are doing, when you are doing it, and with whom, with both sight and sound.

The second very disturbing aspect of this story is that the hacker could have come in through the Internet connection (in which case, he could be anywhere in the world), or he could have come in through the wireless access point (in which case, he is out front right now).

In Cyber Security, there is a technique called “war driving” where basically you drive around a neighborhood looking for any wireless signal that is not secure. It is very easy to do and most smart phones do it automatically (amazingly enough).

And, just in case you think your WAP is just too obscure to be noticed, take a look at the website wigle.net. This site contains maps of wireless access points with accompanying information. Go to the home page, click on Web Maps and then enter a location. Be prepared to be amazed.

Getting back to the webcam matter: webcams are a neat tool for Skype-like communications and general security, but unless you secure your webcam, you are only providing access to a well-organized enemy. Check out this story by Amar Toor on The Verge about “an interactive map of insecure webcam feeds”.

Now the best part is that nearly all phones, tablets, and laptops come with a camera and microphone installed. Which means that no matter where you are or what you are doing, a committed hacker can find you and activate your camera and mic.

But wait, it gets worse. As we “discovered” only last week, Federal agencies are using hacking tools to locate potential terrorists. If that is true, is it possible they would even …[fill in the blank]?

Seriously, put some electrical tape over your webcam. And if you do need a baby monitor, lock it down!




Wednesday, August 7, 2013

1 Million Malicious Apps

In case you missed it – and with all that is going on this week, it would be hard not to – a new study by Trend Micro indicates that by 2014, cyber hackers will have created more than 1 million malicious apps for the Android.

See the full story here.

This is big news for several reasons:
  1. Androids account for nearly 80% of all smart phones planet-wide. This means you.
  2. Most smart phone owners do not even have virus protection on their phones, and it doesn’t come pre-installed.
  3. And yet, many people use their phones for business, banking, and other “secure” activities.

And, don't think that because you have an iPhone, you are immune to the problem. Apple wants you to think the iPhone is immune (click here), but some do not agree (click here).

See, the way that app markets are set up for Android, Apple, and Microsoft is that you can create any kind of app you want and post it in the marketplace. Maybe the app is checked and maybe it is not. Either way, most hackers know that it’s not the initial app that gets you; rather, it is the malicious app “update”. This is because most people will allow updates without even a question.

In a sense, you infect yourself. Pretty cool.


Remember, awareness is half the battle.

Monday, August 5, 2013

In Defense of "The Dive"

When it comes to recent cyber security events, these past few weeks have been most strange. It was not terribly surprising to learn that the NSA has been using hacker tools to monitor for terrorism – that was to be expected. After all, if the bad-guys can use a tool, we should be able to use the same tool.

It is also not too surprising that the NSA (and possibly others) are tracking Google searches to look for anything “suspicious”. After all, an Internet connection is not private. And as recent events in Boston have demonstrated – if the Feds know that someone has the potential to do something and they don’t do something about it, things can get bleak fast.

[BTW, here is a nice link about how the CDC uses Google search trends to track influenza]

And, it is not even surprising that if someone Googles related terms, such as “backpack” and “pressure cooker”, they can expect a visit from the local SWAT team. Although in this case, we did learn later that the fellow did a search on “pressure cooker bombs”. That changes the story just a bit.

However, when it comes to personal security, what does make me nutz is when we do it to ourselves. A perfect example of a mental lapse is this story which broke in today’s Oregonian where the folks at Sylvan Learning Center tossed a massive amount of personal data on their clients – including social security numbers and credit card numbers – into the dumpster!! It will cost them $100k for that slip up.


Grrr. And who says “dumpster diving” is a lost art?