Beware of those hackable Holiday Gifts

If you’re going to drone on and on about how you got hacked by a cyber thief, maybe it’s because you played with your new drone—you know, those rad little flying devices that hover via remote control over your street? Yes, they are hackable.

5WIf you don’t have a drone, don’t be surprised if you get one as a gift this season, as Americans are spending tens and tens of millions of dollars on them.

First off, if you spot a drone, before you go, “Wow, cool, there’s a drone! Kids, come look at this!” consider the possibility that it’s spying on you.

Drones can be connected to the Internet and also have a camera—two ways the cyber crook could spy on you. If something is connected through Wi-Fi, it can hacked, and this includes wireless Bluetooth.

So this means that your drone or your kids’ drone could get hacked into. To guard against this, you must continually keep its firmware updated, and use a password-protected Wi-Fi.

So even though the drone is your nine-year-old’s “toy,” it’s a potential gateway for hackers to slither their way into your bank account, medical records and online accounts. And since the drone can be the hacker’s portal, so can your child’s other remote controlled, Wi-Fi connected devices.

Every device, even a remote controlled car that’s connected to Wi-Fi, should at a minimum have the latest software updates or in some cases have security software to protect against viruses and other malware and also phishing scams.

And it’s not just thieves who want to hack into your personal affairs to get your money. A hacker may be a pedophile, seeking ways to find victims.

A hacker could get in even through an application you just downloaded. Before downloading anything, you should read what the app has access to. You may be unknowingly granting permission for the app to access e-mails or turn on cameras.

Anything that’s “smart” – not just the smartphone, smartdrone, Ebook or tablet – can be a portal to a cybercriminal. This means that smartwatches are on this list. So are those fitness trackers you put on your arm. A hacker could get into your phone via that device on your upper arm that’s tracking your heart rate.

So before you do the “cool!” thing, first do the “security!” thing. Be mindful of what you purchase and the measures you take to protect it.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Be Cautious When Using Wi-Fi

The proliferation of mobile devices means that we can work or play online from almost anywhere, so it’s no surprise that public Wi-Fi networks have become more common. From hotels and coffee shops, to universities and city centers, Wi-Fi is widely available, but is connecting to these networks safe?

4WIf you were carrying on a highly sensitive conversation on a park bench with your closest friend, would you want everyone in the immediate area to gather around and eavesdrop?

That’s essentially what happens—or what could happen—when you communicate online using public Wi-Fi, such as at coffee houses, hotels and airports.

Non-secured public Wi-Fi makes it easy for hackers to read your email correspondence and the information you type to get into your critical accounts.

Of course, with a VPN, your online activities will be unintelligible to eavesdroppers. A virtual private network will encrypt everything you do so that hackers can’t make sense of it. A VPN is a service you can use when accessing public Wi-Fi. A VPN will also prevent exposing your IP address.

So, if you are going to connect to public Wi-Fi, make sure that you take some steps to keep your device and information safe.

Follow these tips to stay protected:

  • Turn off sharing—Keep others from accessing your computer and files by turning off sharing when you are on a public network. This can be accomplished by visiting your computer’s control panel (on Windows), or System Preferences (Mac OS X).
  • Use a “Virtual Private Network”—If you frequently use public Wi-Fi, it might be a good idea to use a Virtual Private Network (VPN). A VPN is like your own private network you can access from anywhere. You can subscribe to VPN services for a low monthly fee.
  • Avoid information-sensitive sites—When using public Wi-Fi, try to avoid logging in to banking and shopping sites where you share your personal and financial information. Only do these transactions from a trusted connection, such as your protected home network.
  • Use sites that start with “https”—Sites that begin with “https” instead of just “http” use encryption to protect the information you send. Look for this level of security on sites where you plan to enter login and other personal information.
  • Use multi-factor authentication – Find out which of your accounts offer two-factor authentication. This would make it next to impossible for a hacker, who has your username and password, to bust into your account—unless he had your phone in his hand—the phone that the two-factor is set up with.
  • Always log out – Don’t just click or close out the tab of the account when you’re done; log off first, then close the tab
  • Avoid automatically connecting to hotspots—Keep your computer or device from automatically connecting to available Wi-Fi hotspots to reduce the chances of connecting to a malicious hotspot set up to steal information. Make sure your device is set up so that it doesn’t automatically reconnect to that WiFi when within range. For example, your home WiFi may be called “Netgear” and will reconnect to “Netgear” anywhere, which might be a hackers connection who can snoop on your data traffic.

PC:
For Windows
Make sure no “Connect Automatically” boxes are checked.
Or, go to the control panel, then network sharing center, then click the network name
Hit wireless properties.
Uncheck “Connect automatically when this network is in range.

For Mac:
Go to system preferences, then network
Under the Wi-Fi section hit the advanced button.
Uncheck “Remember networks this computer has joined.”

Mobile:
For iOS:
Go to settings, select the Wi-Fi network, then hit forget this network.
For Android:
Get into your Wi-Fi network list, hit the network name and select forget network.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!

5 Ways to prevent Airline WiFi from Hackers

When getting on a flight many business professionals connect online. It’s common these days to see a number of people on an airplane busy at their laptops—business-looking people dressed in suits, eyes pasted to spreadsheets, charts, graphs and other grinding tasks.

4WHow many know that their company’s data can be snatched out of thin air, literally?

Here’s the thing: If you are connecting to WiFi on a plane and have all these company secrets on your device and all this client data, there is a solid chance you are risking information. Savvy business travelers may not be savvy about security—or, specifically, the lack thereof in airplane WiFi.

When logging onto an airplane WiFi, there isn’t any encryption preventing other users from seeing your data. The majority of the security in airplane WiFi is built into the payment system to protect your credit card. Beyond that, you’re pretty much left to the dogs.

The plane’s WiFi service comes in cheap (something like $12.95), but with a cost: no protection. Other people can see your or your company’s trade secrets and other private information. If the airline boasts there IS security, they mean for your credit card. Not much more.

Another thing travelers usually don’t know is that when they boot up their device, they may be tricked into selecting a particular connection (wireless network), without knowing that this network has been set in place by a hacker, they call this an “evil twin”. If you connect to it, your data is his to see.

GoGo is an in-flight WiFi service that a researcher says was using phony Google SSL certificates that interfered with passengers’ ability to get video streaming services but more alarming it was reported it also allowed data leakage. In short, GoGo made it look like this was coming from Google.

GoGo was called on this. In a report on theregister.co.uk, GoGo’s chief technology officer explains that the company’s feature did not snatch data from passengers, and that it only served the purpose of blocking streaming services. They said that GoGo simply wanted to upgrade network capacity for air travel passengers, and that they don’t support video streaming. Still, not cool.

How can airline passengers protect their data?

  • When you’re not using WiFi, when it’s time to nap or read some nonsense about the Kardashians in a print magazine, go to your wireless manager and disable the WiFi connection with a right-click. Your laptop may also have a keyboard key to do this.
  • If you must absolutely use public Wi-Fi for activities involving highly sensitive information, make sure that the Wi-Fi network is secure and trusted.
  • Before you get onto any website, check the URL field to make sure that there is an “https” (not “http”) AND a padlock icon; these indicate the site is secure. Also check the security certificate.
  • Make sure that every device that you own has full protection such as antivirus and a firewall.
  • You can also use encryption. Encryption scrambles your data so that it appears to be gibberish to any hackers or snoops wanting to get ahold of it. Encryption comes in the form of a virtual private network, such as that offered by Hotspot Shield. It’s free and will scramble (encrypt) all of your online activity such as things you download, purchases, etc. This provides an impenetrable shield that guards your online actions.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

5 Ways to Protect Yourself from Hackers on Airline WiFi

When getting on a flight many business professionals connect online. It’s common these days to see a number of people on an airplane busy at their laptops—business-looking people dressed in suits, eyes pasted to spreadsheets, charts, graphs and other grinding tasks.

4WHow many know that their company’s data can be snatched out of thin air, literally?

Here’s the thing: If you are connecting to WiFi on a plane and have all these company secrets on your device and all this client data, there is a solid chance you are risking information. Savvy business travelers may not be savvy about security—or, specifically, the lack thereof in airplane WiFi.

When logging onto an airplane WiFi, there isn’t any encryption preventing other users from seeing your data. The majority of the security in airplane WiFi is built into the payment system to protect your credit card. Beyond that, you’re pretty much left to the dogs.

The plane’s WiFi service comes in cheap (something like $12.95), but with a cost: no protection. Other people can see your or your company’s trade secrets and other private information. If the airline boasts there IS security, they mean for your credit card. Not much more.

Another thing travelers usually don’t know is that when they boot up their device, they may be tricked into selecting a particular connection (wireless network), without knowing that this network has been set in place by a hacker, they call this an “evil twin”. If you connect to it, your data is his to see.

GoGo is an in-flight WiFi service that a researcher says was using phony Google SSL certificates that interfered with passengers’ ability to get video streaming services but more alarming it was reported it also allowed data leakage. In short, GoGo made it look like this was coming from Google.

GoGo was called on this. In a report on theregister.co.uk, GoGo’s chief technology officer explains that the company’s feature did not snatch data from passengers, and that it only served the purpose of blocking streaming services. They said that GoGo simply wanted to upgrade network capacity for air travel passengers, and that they don’t support video streaming. Still, not cool.

How can airline passengers protect their data?

  • When you’re not using WiFi, when it’s time to nap or read some nonsense about the Kardashians in a print magazine, go to your wireless manager and disable the WiFi connection with a right-click. Your laptop may also have a keyboard key to do this.
  • If you must absolutely use public Wi-Fi for activities involving highly sensitive information, make sure that the Wi-Fi network is secure and trusted.
  • Before you get onto any website, check the URL field to make sure that there is an “https” (not “http”) AND a padlock icon; these indicate the site is secure. Also check the security certificate.
  • Make sure that every device that you own has full protection such as antivirus and a firewall.
  • You can also use encryption. Encryption scrambles your data so that it appears to be gibberish to any hackers or snoops wanting to get ahold of it. Encryption comes in the form of a virtual private network, such as that offered by Hotspot Shield. It’s free and will scramble (encrypt) all of your online activity such as things you download, purchases, etc. This provides an impenetrable shield that guards your online actions.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

How to see and boot off Someone using your WiFi

You were taught to share your toys as a young child, but this doesn’t apply to letting others use your Wi-Fi. The difference between sharing the plastic shovel and sharing the wireless connection is that with the latter, who’s to say that the “thief” won’t eventually crash in on your private information? And don’t forget that not only will this sharing possibly slow down your connection, but there could be legal repercussions if this moocher uses your connection for bad deeds.

2WHow can you spot a moocher?

  • Log into your computer’s router’s administrative console: Type its IP address straight into the browser address bar. Don’t know the router’s default address? Go to (Start > Run/Search for cmd) and then enter ipconfig.
  • The address you want will be next to Default Gateway, under Local Area Connection.
  • Mac users can locate the address by going to System Preferences, then beneath that, Network. If you’re using Ethernet it’ll be next to “Router:” and if you’re using Wi-Fi, click on “Advanced…” and go to “TCP/IP.”
  • Point browser to the address; enter your login details. If you’ve never changed the default settings, the login should be a combination of “password” and “admin” or blank fields.
  • Locate a section for wireless status or connected devices. Here you’ll find a table with details including the IP and MAC address of all devices currently connected to the router.
  • To find moochers, check that list against your gear.
  • To find the MAC/IP address of your computer, go to the Command Prompt and enter ipconfig /all. The MAC address will show as the physical address.

How to Help Prevent Mooching

  • Implement a strong password; use WPA2 or WPA, not WEP.
  • Turn off the SSID broadcast.
  • An alternative to the prior point is to set a filter up for blocked or allowed devices by MAC address.
  • Whenever on free public WiFi use Hotspot Shield to mask and encrypt all your data as it fly’s through the air.

If you want to find out just who is getting a free ride on your wireless, use MoocherHunter. This tool will locate the source within two meters of accuracy. Tracking down the culprit will prove handy if the moocher has been getting you in trouble by using your network for illegal activities.

On the other hand, if the lectures about sharing your toys still ring loud in your head, why not make lemonade out of this lemon by using a third-party firmware alternative to run a public hotspot? You can then offer for-pay Internet access points that come from your consumer router. Another option is to get a Fonera router. If you share some of your home WiFi, the Fonera router will grant you free roaming at Fon Spots all over the world.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Big ISP free Wi-Fi hazardous to your Data Health

Beware of “Free Wi-Fi” or “Totally Free Internet,” as this probably IS too good to be true. These are likely set up by thieves to trick you into getting on a malicious website.

3WAT&T and Xfinity have provided many free hotspots for travelers to get free Wi-Fi: all over the country. Sounds great, right? However, these services make it a piece of cake for thieves to gain access to your online activities and snatch private information.

AT&T sets mobile devices to automatically connect to “attwifi” hotspots. The iPhone can switch this feature off. However, some Androids lack this option.

Cyber thugs can set up fake hotspots called “evil twins”, which they can call “attwifi,” that your smartphone may automatically connect to.

For Xfinity’s wireless hotspot, you log into their web page and input your account ID and password. Once you’ve connected to a particular hotspot, it will remember you if you want to connect again later in that day, at any “xfinitywifi” hotspot and automatically get you back on.

If someone creates a phony WiFi hotspot and calls it “xfinitywifi,” smartphones that have previously connected to the real Xfinity network could connect automatically to the phony hotspot—without the user knowing, without requiring a password.

None of this means that security is absent or weak with AT&T’s and Xfinity’s networks. There’s no intrinsic flaw. It’s just that they’re so common that they’ve become vehicles for crooks.

Smartphones and Wi-Fi generate probe requests. Turn on the device’s WiFi adapter. It will search for any network that you’ve ever been connected to—as long as you never “told” your device to disregard it. The hacker can set the attack access point to respond to every probe request.

Your device will then try to connect to every single WiFi network it was ever connected to, at least for that year. This raises privacy concerns because the SSIDs that are tied with these probe requests can be used to track the user’s movements.

An assault like this can occur at any public WiFi network. These attacks can force the user to lose their connection from their existing Wi-Fi and then get connected to the attacker’s network.

Two ways to protect yourself:

#1 Turn off “Automatically connect to WiFi” in your mobile device, if you have that option.

#2 the best way to protect and encrypt all your data in your laptop, tablet, or mobiule is via Hotspot Shields software to encrypt all your data even if you automatically connect to a free WiFi.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Leaky WiFi leaks App data

Recently a settlement was obtained between 2 companies with the FTC. The charge was that these organizations failed to secure their mobile apps, which put consumer’s private data at risk.

5WThe FTC says that these companies disabled the SSL certificate validation. This default process confirms that an application’s communications are secure.

Because the SSL was disabled, the apps were made prone to cyber attacks, in which crooks could steal data like SSNs, home addresses and credit card information.

These attacks are the man-in-the-middle type and are a particular threat to unprotected public Wi-Fi (hotels, coffee houses, etc.).

If you use your mobile on an unguarded network, a crook can get in between you and the site you want to visit, and pose as you and communicate with the intended site. Posing as you, he can then manipulate your data. The scoundrel can also make your mobile visit a fraudulent site that you think is legitimate and lure you into entering personal information.

A website is secure if the site address begins with “https.” However, the smartphone’s small browser discourages users from checking this. And crooks know this.

Of particular interest to criminals is texting between banks and companies that utilize a one-time password. The crook can intercept this transaction and gain access to sensitive data. He can actually redirect an intended wire transfer to his account.

All of this can be avoided by avoiding online financial transactions with a mobile device on public Wi-Fi. Don’t even visit your bank’s site. Also don’t send personal information via e-mail on public Wi-Fi. If you must conduct mobile transactions in public, buy a Wi-Fi device, get a VPN like Hotspot Shield or use your carrier’s 3G or 4G network.

Finally, install anti-malware programs on your mobile, especially if it’s an Android. Don’t just sit back and assume that the app makers, app sellers and other businesses are going to take care of all of this for you.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

TJX Identity Theft Costs Another 10 million, Protect Yourself from WarDriving

Robert Siciliano Identity Theft Expert

Most people are familiar with the TJX data breach, in which 45 million credit card numbers were stolen. TJX recently agreed to pay $9.75 million to 41 states to settle an investigation of the massive data breach. According to some reports, TJX has spent up to $256 million attempting to fix the problem that led to the breach.

It’s been said repeatedly that the criminal hackers responsible for the breach were sitting in a car outside a store when they stumbled across a vulnerable, unprotected wireless network using a laptop, a telescope antenna, and an 802.11 wireless LAN adapter. This process is called “Wardriving.”

WiFi is everywhere. Whether you travel for business or simply need Internet access while out and about, your options are plentiful. You can sign on at airports, hotels, coffee shops, fast food restaurants, and now, airplanes. What are your risk factors when accessing wireless? There are plenty. WiFi wasn’t born to be secure. It was born to be convenient. As more sensitive data has been wirelessly transmitted over the years, the need for security has evolved. Today, with criminal hackers as sophisticated as they ever have been, wireless communications are at an even higher risk.

When setting up a wireless router, there are two different security techniques you can use. WiFi Protected Access is a certification program that was created in response to several serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy. Wired Equivalent Privacy was introduced in 1997 and is the original form of wireless network security. Wireless networks broadcast messages using radio and are thus more susceptible to eavesdropping than wired networks.

It’s one thing to access your own wireless connection from your home or office. It entirely another story when accessing someone else’s unprotected network. Setting up a secure WiFi connection will protect the data on your network, for the most part, but if you’re on someone else’s network, secured or unsecured, your data is at risk. Anyone using an open network risks exposing their data. There are many ways to see who’s connected on a wireless connection, and gain access to their data.

There are a few things you should do to protect yourself while using wireless. Be smart about what kind of data you transmit on a public wireless connection. There’s no need to make critical transactions while sipping that macchiato.

Don’t store critical data on a device used outside the secure network. I have a laptop and an iPhone. If they are hacked, there’s nothing on either device that would compromise me.

Install Hotspot Shield. A free ad supported program, Hotspot Shield protects your entire web surfing session by securing your connection, whether you’re at home or in public, using wired or wireless Internet. Hotspot Shield does this by ensuring that all web transactions are secured through HTTPS. They also offer an iPhone application. There are fee based programs, including Publicvpn.com and HotSpotVPN, which can create a secure “tunnel” between a computer and the site’s server.

Turn off WiFi and blue tooth on your laptop or cell phone when you’re not using them. An unattended device emitting wireless signals is very appealing to a criminal hacker.

Beware of free WiFi connections. Anywhere you see a broadcast for “Free WiFi,” consider it a red flag. It’s likely that free WiFi is meant to act as bait.

Beware of evil twins. These are connections that appear legitimate but are actually traps set to snare anyone who connects.

Keep your antivirus and operating system updated. Make sure your anti-virus is automatically updated and your operating systems critical security patches are up to date.

Invest in Intelius Identity Protect. Because when all else fails you’ll have someone watching your back. Includes a Free Credit Report, SSN monitoring, Credit & Debit Card monitoring, Bank Account monitoring, Email fraud alerts, Public Records Monitoring, Customizable “Watch List”, $25,000 in ID theft insurance, Junk Mail OptOut and Credit Card Offer OptOut.

Robert Siciliano identity theft speaker discussing criminal wireless hack