Hackers Hacking Airport USB Ports

Have you ever wondered if it’s a good idea to surf the internet using a public WiFi network at the airport? It’s heavily trafficked, so it’s more likely that your information could get stolen, right? In some cases, it is safe to use public WiFi; your information isn’t always entirely at risk if you’re connecting to the airport network, but there are definitely vulnerabilities. And, when at the airport, you may want to rethink the urge to plug in your phone using one of the USB charging stations near the gate.

It is possible that cybercriminals could use those stations to download your personal data or install malware onto your device without your knowledge or consent. It’s a crime that’s being called juice jacking.

The IBM Security X-Force Threat Intelligence sector says that using a public USB port for charging is similar to finding a toothbrush in the street and making the decision to put it in your mouth. You don’t know where the toothbrush has been, and the same applies to that USB port. You don’t know who used it before you and may not be aware that these USB ports can pass along data.

While it is possible for this to happen, it’s not necessarily an epidemic, and there isn’t a reason to panic just yet. There haven’t been widespread reports that juice jacking has happened in airports (or anywhere else). However, it could be happening without people knowing, which means it could be a significant issue that no one knows about yet.

If you don’t like the idea of cybercriminals stealing your information and want to stay safe, do this:

Prevent Juice Jacking

  • Before leaving your house, make sure your phone is fully charged if possible.
  • Buy a second charger that stays with you or in your car at all times, and make a habit of keeping your phone charged while you drive.
  • Of course, there will be times when you’re out and about, and before you realize it, your device has gotten low on power. And it’s time to hunt for a public charging station.
  • Have a cord with you at all times. This will enable you to use a wall socket.
  • Turn off your phone to save battery. But for many people, this will not happen, so don’t rely only on that tactic.
  • Plug your phone directly into a public socket whenever you can.
  • If you end up using the USB attachment at the station, make a point of viewing the power source. A hidden power source is suspicious.
  • If bringing a cord with you everywhere is too much of a hassle, did you know you can buy a power-only USB cord on which it’s impossible for any data to be transferred?
  • Another option is an external battery pack. This will supply additional power to your device.
  • External batteries, like the power-only USB cord, do not have data transfer ability, and thus can be used at any kiosk without the possibility of a data breach.
  • Search “optimize battery settings” for iPhone or Android and get to work.

Robert Siciliano, personal security and identity theft expert and speaker, is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Deepfakes and the Impact on Cybersecurity Now and in the Future

Can you believe what you see in a video? Most people say ‘yes,’ but the truth is, you no longer can. We all know that photos can be altered, but videos? Thanks to artificial intelligence, these, too, are being altered at a very quick rate.

These videos, known as “deepfakes,” are out there, and they are doing a number on cybersecurity. In fact, leaders in the cybersecurity sector are warning consumers that high tech video alteration is here, and it is very difficult to tell with the naked eye whether or not a video is real or fake.

Leaders in cybersecurity shared an example of how this works. Basically, they created a video of a man, Steve Grobman, an executive from McAfee, speaking. However, the words he was speaking were not his own; they were the words of Celeste Fralick, a female data scientist, who had created this deepfake video to make a point. This might seem like a fun trick to play on your friends, but in reality, it could have a huge impact on cybersecurity, as things like phishing and social engineering will become easier than ever for hackers.

Deepfakes and artificial intelligence can be used for audio, too, meaning a person’s words can be spliced together seamlessly to create full sentences. Joe Rogan, the comedian and podcaster who has 1300+ podcasts, was used as a demo. But even more disturbing is Joe Rogan’s voice with Taylor Swift’s face.

What could this mean for you? Well, since it’s so relatively easy to make a video like this, it could cause some real issues for the public. One way that it could be used is to start with a photo, and then change a very small part of it. A human would not notice the change, but it would be enough for AI to see the photo as something else. So, if you can confuse something like artificial intelligence, you could certainly confuse the systems that are built to provide cybersecurity.

This could have a lot of negative impact on all of us, and it could really give a boost to those who make a living in taking advantage of others via cybercrimes.

The good news is that though this type of technology could be used for bad, artificial intelligence could also be used for good things. For example, the technology could be used to create a crime map of where crimes have happened and where arrests could be made, which would make our streets safer. At the same time, it could also be used by criminals to know where they could commit a crime without being arrested. You could also look at it like this. During World War II, more than two million people were killed by bombs that were dropped from airplanes. Based on that information, Orville Wright, the inventor of the airplane, was asked if he regretted this invention. He said ‘no.’ Why? Because he looked at the airplane as similar to fire; it could cause terrible destruction, but at the same time, it is so very useful. This new technology is the same, and it will be interesting to see how it comes to truly be used in the future.


The Shrimp Tank Podcast

I recently had the opportunity to join The Shrimp Tank Podcast hosted on iHeartRADIO. I discuss my background, and how I became interested in the security field, including when my first business was hacked. I talk about Safr.Me and recommendations for all of you out there who need help staying secure. Enjoy!


Put the Stupid Phone Away! Pedestrian Deaths Rise

If you like taking an evening stroll, walking your dog, or even hitting the pavement for exercise’s sake, you could be putting yourself at risk, according to a recent report from the Governors Highway Safety Association.

The statistics are shocking; the report looked at how many pedestrians were killed by vehicles while walking in 2018, and it was not only a 4 percent increase from 2017, but the highest rate of death since 1990.

Why are these numbers rising? There are a couple of reasons. First, there are more SUVs and trucks on the road, and these vehicles are more likely to kill someone due to their weight and size. In fact, since 2013, the number of pedestrian deaths caused by SUVs has risen by 50 percent. Another reason for this is that people are not paying attention, both behind the wheel and on the pavement. Why? Smartphones. Alcohol was also to blame, as about half of the deaths reported in 2017 were caused by alcohol consumption by either the pedestrian, the driver, or in many cases, both. Of course, there is also the fact that the population has grown, so there are naturally more people out and about on the streets.

Population growth might not seem like a big deal, but the statistics show otherwise. When you look at the states that have had the highest population growth from 2017 to 2018, you also see that there is an increase in the number of deaths from pedestrians getting hit by vehicles. There has also been an increase in the number of people who are walking to work instead of driving when you look at statistics from 2007 to 2016.

The Governors Highway Safety Association also reports another unsurprising fact; the majority of these deaths are occurring after dark, and when comparing the number of pedestrian deaths during the day and at night, the nighttime deaths are rising quickly when compared to daytime deaths. When you look at the number of nighttime deaths between 2008 and 2017, there was an increase of 45 percent. When looking at daytime pedestrian deaths, there is also an 11 percent increase between those same years.

If you are looking for a safe place to walk around, consider New Hampshire. There was only one death in the first half of 2018. On the other end of the spectrum, New Mexico had the highest rate of pedestrian deaths. Almost half of all pedestrian deaths in the United States occurred in Florida, Arizona, Texas, California, and Georgia. None of us should have to worry about crossing the street, and this might be a sign that it’s time for improvements to vehicle design and to the road.


Young Kids Getting Sexually Exploited Online More Than Ever Before

An alarming new study is out, and if you are a parent, you should take note: children as young as 8 years old are being sexually exploited via social media. This is a definite downturn from past research, and it seems like one thing is to blame: live streaming.


YouTube serves up videos of kids, in clothing, that pedophiles consume and share as if it is child porn. It’s gotten so bad that YouTube has had to disable the comments sections of videos with kids in them.

Apps like TikTok are very popular with younger kids, and they are also becoming more popular for the sexual predators who seek out those kids. These apps are difficult to moderate, and since it happens in real time, you have a situation that is almost perfectly set up for exploitation.

Last year, a survey found that approximately 57 percent of 12-year-olds and 28 percent of 10-year-olds are accessing live-streaming content. However, legally, the nature of much of this content should not be accessed by children under the age of 13. To make matters worse, about 25 percent of these children have seen something while watching a live stream that they and their parents regretted them seeing.

Protecting Your Children

Any child can become a victim here, but as a parent, there are some things you can do to protect your kids. First, you should ask yourself the following questions:

  • Are you posting pictures or video of your children online? Do you allow your kids to do the same? A simple video of your child by the pool has become pedophile porn.
  • Do you have some type of protection in place for your kids when they go online?
  • Have you talked to your children about the dangers of sharing passwords or account information?
  • Do your kids understand what type of behavior is appropriate when online?
  • Do you personally know, or do your kids personally know, the people they interact with online?
  • Can your kids identify questions from others that might be red flags, such as “Where do you live?” “What are your parents’ names?” “Where do you go to school?”
  • Do your kids feel safe coming to you to talk about things that make them feel uncomfortable?

It is also important that you, as a parent, look for red flags in your children’s behavior. Here are some of those signs:

  • Your kid gets angry if you don’t let them go online.
  • Your child becomes secretive about what they do online, such as hiding their phone when you walk into the room.
  • Your kid withdraws from friends or family to spend time online.

It might sound like the perfect solution is to “turn off the internet” at home, but remember, your kids can access the internet in other ways, including at school and at the homes of their friends. It would be great to build a wall around your kids to keep them safe, but that’s not practical, nor is it in their best interest. Instead, talk to your child about online safety and make sure the entire family understands the dangers that are out there.


Are Password Managers as Safe as You Think They Are?

You have probably heard of password managers, and you probably think they are pretty safe, right? Well, there is new research out there that might make you think twice, especially if you use password managers like KeePass, 1Password, LastPass, or Dashlane. Frankly, I’m not worried about it, but read on.

Specifically, this study looked at instances of passwords leaking from a host computer, focusing on whether these password managers were accidentally leaving passwords in the computer’s memory.

What was found was that all of the password managers that were looked at did a good job of keeping these passwords secure when in a “not running” state. This means that a hacker would not be able to force the program into giving away the user’s passwords. However, it was also noted that though each password manager that was tested attempted to scrub these passwords from the memory of the computer, it wasn’t always successful, meaning your passwords could still be in the memory.

Some of these programs, like 1Password, seemed to have left not only the master password but also the secret key for the program. This could possibly allow a hacker to access the info in this program. It’s important to note that these programs are trying to remove this information, but due to various situational issues, it’s not always possible.

Another program, LastPass, was also examined, and it, too, caused some concern amongst researchers. Basically, the program scrambles the passwords when the user is typing them in, but they are decrypted into the computer’s memory. Additionally, even when the software is locked, the passwords are still sitting in the memory just waiting for someone to extract them.

KeePass, which is yet another password manager, was also looked at here. In this case, it removes the master password from the computer’s memory, and it is not able to be recovered. However, other credentials that were stored in KeePass were able to be accessed, which is also problematic.
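Why a scrub attempt can still leave passwords behind, as an added example (not code from the study or from any password manager): a constructed arena models process memory, and a lock routine that wipes only its own buffer is compared with one that wipes every registered copy. All names are hypothetical, and the three copies (vault, input field, key derivation) are an illustrative assumption, not a claim about a specific product.

```c
/* Added example: constructed model, not code from any password manager.
   A fixed arena stands in for process memory so every scan stays in bounds. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE 256
#define MAX_COPIES 8

static unsigned char arena[ARENA_SIZE];
static size_t arena_used;
static struct { unsigned char *p; size_t n; } copies[MAX_COPIES]; /* tracked secrets */
static size_t ncopies;

/* Wipe through a volatile pointer: a plain memset() on a buffer that is never
   read again may be removed by the optimizer as a dead store. Real code would
   use explicit_bzero(), memset_s() or SecureZeroMemory() where available. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

static void reset_arena(void) {
    secure_wipe(arena, ARENA_SIZE);
    arena_used = 0;
    ncopies = 0;
}

/* Copy the secret into fresh arena space. With track=1 the copy is registered
   for wiping; if it cannot be registered it is refused rather than left loose. */
static unsigned char *store_secret(const char *s, int track) {
    size_t n = strlen(s);
    if (n > ARENA_SIZE - arena_used || (track && ncopies == MAX_COPIES)) return NULL;
    unsigned char *p = arena + arena_used;
    memcpy(p, s, n);
    arena_used += n;
    if (track) { copies[ncopies].p = p; copies[ncopies].n = n; ncopies++; }
    return p;
}

/* Count plaintext copies of the secret still present anywhere in the arena. */
static size_t residual_copies(const char *s) {
    size_t n = strlen(s), hits = 0;
    if (n == 0 || n > ARENA_SIZE) return 0;
    for (size_t i = 0; i + n <= ARENA_SIZE; i++)
        if (memcmp(arena + i, s, n) == 0) hits++;
    return hits;
}

/* track=0: "lock" wipes only the vault's own buffer; the copies made for the
   input field and the key-derivation step survive. track=1: every copy was
   registered, so lock wipes them all. Returns copies left after locking. */
size_t residue_after_lock(const char *master, int track) {
    reset_arena();
    unsigned char *vault = store_secret(master, track);
    store_secret(master, track);               /* input-field copy */
    store_secret(master, track);               /* key-derivation copy */
    if (!track && vault) secure_wipe(vault, strlen(master));
    for (size_t i = 0; track && i < ncopies; i++) secure_wipe(copies[i].p, copies[i].n);
    return residual_copies(master);
}

int main(void) {
    const char *pw = "constructed-master-pw!";  /* constructed sample secret */
    printf("naive lock:   %zu copies left\n", residue_after_lock(pw, 0));
    printf("tracked lock: %zu copies left\n", residue_after_lock(pw, 1));
    return 0;
}
```

In real programs the untracked copies also come from places the application does not control, such as UI toolkits, string reallocation and garbage-collected runtimes, which is why scrubbing can be attempted and still fall short.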

Should you be worried about this? Well, it depends on your personal thought process. Some people probably won’t care too much, and others won’t be affected because they don’t use password managers that have these issues. Since the researchers pointed out these issues, each password manager has done its own updates and corrected any issues. The real vulnerability isn’t the security of the password managers but the security of the devices, their users, and whether the users are deploying the same password across multiple accounts. Using the same password over and over is the risk here. So get a password manager so you can have a different password everywhere.


Facebook Wants my Social Security Number!

WTH Facebook? Generally, I don’t have a problem giving out my SSN. That might seem contrary to the advice I give, but frankly, our SSNs are everywhere and if my insurance company needs it, I’ll generally just question them on it, maybe resist a bit, and if they insist, and I need that insurance policy, I’ll cough it up.


My identity in regards to “new account fraud” is protected via a credit freeze and I also have identity theft protection in place. So between the two, I’m pretty locked down. This is the advice I give everyone. So I’m generally not alarmed or concerned when asked for my SSN.

BUT, today friggin Facebook asked for it and of all the companies or government agencies on the planet to ask for this level of personal identifying sensitive information, Facebook is the world’s single most notorious abuser of privacy in the history of the world.

There have been countless breaches and privacy issues with Facebook and this is so over the top I can’t even believe they have the nuts to ask for a copy of my Social Security card.

Here’s how it played out… An email came in from Facebook, subject line “Your sales are on hold,” with the message:

Hi Robert Siciliano: Security Awareness Fraud & Personal Security Expert,

When Robert Siciliano: Security Awareness Fraud & Personal Security Expert’s shop was set up, Robert Siciliano’s information was entered. To help keep Facebook secure, we need to confirm the identity of people representing a business on Facebook or Instagram.

Your sales have been temporarily put on hold until we can confirm Robert’s information. This is a standard process and should only take a few minutes to complete.

Once you confirm Robert’s information, you’ll be able to receive payments again.

Thanks,
The Facebook Team

WTH?!! OK, sure. So I sell my books on my Facebook page and e-commerce is involved. There’s a tax thing going on here. But they aren’t asking for my EIN or engaging me in a formal process to vet my viability as a taxpayer. They are asking for a copy of my SSN in the form of a scan to “verify” me!

I clicked a link on Facebook to see where this debacle would take me and see here:

So I clicked “Contact Us” to voice my frustration and my response was:

And I’ll repeat: “Screw off. I’m not sending Facebook a copy of my SSN card. WTH is wrong with you? What are my other options?”

Stay tuned for how this BS turns out.

To be continued. Robert.


Anyone Can Scam You, Even Your Folks

You might feel pretty safe with your parents, but more and more stories are coming out about scammer parents—especially when it comes to getting into college.

By now, we have all heard of the famous faces who have gotten caught up in the college admission scandal, but they are not the only ones. Other families are also involved in the scandal, including a wealthy Chinese family who paid $6.5 million in 2017 to get their daughter admitted to Stanford. They did not pay the school, of course, but they did pay college consultant Rick Singer, who is at the center of the college admission scandal.

The Los Angeles Times broke this story, and it is unknown, at this time, if the family knew that they were doing something wrong. Neither the family nor the student, who all live in Beijing, have been charged with any crimes. Stanford has released a statement to say that it has not received any money from the student’s family (or from Singer), and it was not even aware of any of this until the Times’s story was published.

Other families associated with the college admission scandal are starting to get their days in court, including Bruce and Davina Isackson, who pleaded guilty in a Boston federal court for their involvement in the scam. They were the first to plead guilty and also the first who have said that they will fully cooperate with the investigators and testify against the other parents who are accused in the scandal.

The Isacksons are accused of paying $600,000 to ensure that their daughters were admitted into the University of California, Los Angeles and the University of Southern California. The money was paid to admit both of the girls to the schools as fake athletic recruits, and it was used to pay Singer to rig the entrance exam score for one of them.

The couple did release a statement through their attorney. They expressed their regrets for their actions and stated, “Our duty as parents was to set a good example for our children, and instead we have harmed and embarrassed them by our misguided decisions.”

There are many parents involved in this scam, including 12 parents who have already agreed to plead guilty. This includes actress Felicity Huffman.

Other parents are fighting the charges, and they could be in for a rough road; the parents and coaches who are helping the investigators are full of information, and it could harm any efforts of those who have pleaded not guilty.

Since the scandal has hit, even former coaches are stepping up, including those at USC and the University of Texas at Austin. This also indicates that there could be more indictments coming soon.
