Posts

Beware of Rogue Cell Phone Charging Stations

Humans have evolved a new body part: the cell phone. One day it will be part of anatomical illustrations of the body in health and medical books probably an appendage on your head. I’m not a Dr. so don’t quote me.

For now, we have to figure out a way to keep this appendage juiced up without being lured into a data-sucking battery-charge station.

There’s even a name for this kind of crime: juice jacking. The kiosk is designed to appear like a legitimate battery charging station, when in fact, it will steal your phone’s data while it’s hooked up.

Worse yet, sometimes the thief will set the station to deposit malware into your phone. The crook will then have access to all the sensitive information and images that you have on the device.

These fraudulent stations are often set up at locations where users would be in a rush and won’t have time to check around for signs of suspicion or even think about the possibility of getting their personal life transferred out of their phone and into the hands of a stranger.

Are these thieves smart or what?

But you can be smarter.

Prevent Juice Jacking

  • Before leaving your house, make sure your phone is fully charged if possible.
  • Buy a second charger that stays with you or in your car at all times, and make a habit of keeping your phone charged while you drive.
  • Of course, there will be times when you’re out and about, and before you realize it, your device has gotten low on power. And it’s time to hunt for a public charging station.
  • Have a cord with you at all times. This will enable you to use a wall socket.
  • Turn off your phone to save batt. But for many people, this will not happen, so don’t just rely only on that tactic.
  • Plug your phone directly into a public socket whenever you can.
  • If you end up using the USB attachment at the station, make a point of viewing the power source. A hidden power source is suspicious.
  • If bringing a cord with you everywhere is too much of a hassle, did you know you can buy a power-only USB cord on which it’s impossible for any data to be transferred?
  • Another option is an external battery pack. This will supply an addition of power to your device.
  • External batteries, like the power-only USB cord, do not have data transfer ability, and thus can be used at any kiosk without the possibility of a data breach.
  • Search “optimize battery settings” iPhone or Android and get to work.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Mobile Phone Numbers Are as Sensitive as Your Social Security Number

All of us have cell phones these days, and if you are like the vast majority of the population, you access everything from social media to banking information right from your mobile phone. However, if you do this, which everyone does, you are putting yourself in the position to get hacked. With only your mobile phone number and a couple other pieces of information, a hacker can get into these accounts and your life could drastically change.

How does this work? If a hacker already has your mobile phone number, they can get other information, such as you address, birthday, or even the last four digits of your Social Security number, through social engineering schemes via email or on social. Once they have this information, it’s like handing your phone over to them and letting them do as they please, including accessing your accounts.

The scam may not even begin with you, it may begin with the mobile phone companies themselves. There have been many incidents where the carriers are scammed into handing over troves of personal identifying information to scammers posing as the victim. In many cases the phone companies are even allowing the scammers to get phones with the actual victims phone number by transferring everything to a new phone the perpetrator charges to the victims account.

Here are some things that you can do to keep your mobile phone number safe:

Use Your Passcode – You can and should put a passcode on your phone, you should definitely do it. This isn’t totally foolproof, but does give you an extra level of protection.

Add a Passcode – Your mobile carriers online account should have an additional second passcode to make any changes to your account. This additional passcodes works with both the web and calling customer service. Nothing happens unless this additional passcode is presented.

Disable Online Access to Any Mobile Phone Account – This is frustrating, of course, but it certainly can protect you. If you need to change your account, you should go to the store or call your provider.

Use Google Voice – Google Voice is an excellent choice for many, and you can even forward your current number to your Google Voice number. This helps to mask any call you make, which means no one can have access to your real number.

Access Your Cell Phone Account with a Carrier-Specific Email Address – Most of us use our email addresses and phone numbers to access our online accounts. However, you should really have three separate emails. One should be your primary email address, one should be only for sensitive accounts, like your bank or social media accounts, and one for your mobile phone carrier. This means, even if your main email is hacked, the hackers cannot get into your other accounts.

Talk to Your Carrier – Consider asking your carrier to make a note in your account to require a photo ID and special passcode before any changes are made. Though it’s possible that a hacker could pose as you with a fake ID, the chances are quite low that this would happen.

Use Complex Passwords – One of the best ways to protect online accounts is to use complex passwords. Or at least a different password for every account. You should also use a password manager. If you don’t, make sure your passwords are very random and very difficult to guess like “58&hg#Sr4.”

Do Not Be Truthful – You also might want to lie when answering your security questions. These are easy to guess or discover. For instance, it’s probably easy to find out your mother’s maiden name. So, make it up…just make sure you remember it!

Don’t Use Your Phone Number for Important Accounts – Also, make sure that you aren’t using your phone number for any important account. Instead, use that Google Voice number. 

Use a Password Generator – This is part of two factor authentication. Protect yourself by using a one time password generator, as part of a two-factor authentication process. It may be your mobile or they look like keyfobs and produce a new password very frequently. The only way to get the password is to access the generator or your mobile.

Use a Physical Security Key – You should also think about using a physical security key. To use one, you must enter your password into the computer, and then enter a device into the computer’s USB port. This proves that you are the account owner. So, even if a hacker gets your password, they must also have the physical security key to access the account.

Think About Biometrics – Finally, to really protect your accounts, when available, use biometrics. You can buy biometric scanners that read your fingerprints, your iris, or even recognize your voice. When you use these, you cannot access any account until you scan your finger, eye, or speak.

Yes, it’s true that some of these seem time consuming, it is much more time consuming to have to deal with getting hacked or a stolen identity. So, take these steps to remain as safe as possible.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Your Hacked Mobile Phone Number is Like Your Social Security Number

If you have a cell phone, and you use it in any way associated with accessing online accounts (and many do), you are putting yourself at risk of getting hacked. With only a phone number and a bit of information, which is easy to get through social engineering, a hacker can break into your personal and financial accounts.

5WThis works by getting information about you, such as your birthday, address, or even the last four digits of your Social Security number…information that is readily available…and then creating a plausible story to gain access to your phone account, phone and various online accounts. Once they have access to your accounts, they can change the phone number, get a new sim card and then change account passwords, and you will be unable to access the affected accounts. Below, you will find some tips to help you protect your phone number:

Use a Passcode

If you have the option to put an additional passcode on your phone account, do it. Though this isn’t foolproof, it will certainly help to give you some added protection.

Disable Online Access to Cell Phone Accounts

I’m not doing this, but some should. This might be frustrating, but it will further protect you. If you need to make a change, you can call or go into the store.

Consider Using Google Voice

Google Voice is a safer option for many, and you can even forward your existing number to Google Voice. This helps to mask the calls you make, which means no one would have access to your real number.

Use a Carrier-Specific Email to Access Your Mobile Phone Account

If you are like most people, your email address and phone number help you to access most of your internet-based accounts. Ideally, instead, you should have a minimum of three email addresses: your primary address, one for your mobile phone carrier only, and one for sensitive accounts, such as your bank and social media. This way, if your primary email is compromised, a hacker cannot access your sensitive accounts.

Ask Your Carrier for Account Changes

Finally, you can ask your carrier to only allow account changes in person with a photo ID. Though there is still a chance that a hacker could pose as you with a fake ID, the chances are much lower.

There are also some steps that you can take to protect all of your online accounts:

Create Complex Passwords

One way to protect your online account is to create complex passwords. It’s best to use a password manager that creates random, long passwords. If you don’t use a password manager, create your own password of random numbers, cases, and special characters. These might include “4F@ze3&htP” or “19hpR$3@&.” Try to make up a rule to help you remember them.

Don’t Tell the Truth

Another thing that you can do is to stop being truthful when answering security questions. For instance, if a security question asks what your mother’s maiden name is, make it up. Something like this is too easy to guess…just make sure you remember it!

Don’t Connect Your Phone Number to Sensitive Accounts

You also should make sure that you are not connecting your phone number to any sensitive accounts. Instead, create a Google Voice number and use this for your sensitive accounts.

Use Passcode Generators

Passwords are easily stolen via key loggers, which is software that records keystrokes. You can protect yourself from this by using a one-time passcode generator. This is part of the two factor or multi factor authentication process. These generators are wireless keyfobs that produce a new passcode with heavy frequency, and the only way to know the passcode is to have access to the device that created the passcode.

Use Physical Security Keys

You also might want to consider using physical security keys. To use these, people must enter their passwords into the computer, and then they must enter a physical device into the USB port, proving that they are the account owner. This means, in order to access an account, a hacker must not only know the password, they must have the physical device.

Consider Biometrics

Finally, if you really want to protect your internet accounts, you should use biometrics. You can purchase biometric scanners, such as those that read your iris, fingerprint, or even recognize your voice. When using these, you will be unable to access your accounts unless you provide this biological information. There are a number of devices on the market that do this.

Though these steps might seem a bit time-consuming, they can be the difference between keeping your private and financial information safe and getting hacked.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

How to protect your Mobile Phone from Hackers and Thieves

Let’s cut to the chase:

  • Regularly back up the phone’s data! If this is done every day, you won’t have to worry much about losing important information if something happens to the phone—such as a ransomware attack.
  • Keep the phone’s software and applications updated.
  • Delete apps you no longer use, as these can reveal your GPS coordinates and garner data about you.
  • Never post about your vacation while you’re on vacation.

6WBut there’s more:

  • Employ the device’s password-protect function (which may even be a biometric like a fingerprint).
  • If the phone has more than one type of protection, use both.  You just never know if the phone will get lost or stolen.

Public Wi-Fi

  • Never use public Wi-Fi, such as at airports and coffee houses, to make financial transactions.
  • Though public Wi-Fi is cheaper than a cellular connection, it comes with risks; hackers can barge in and “see” what you’re doing and snatch sensitive information about you.
  • If you absolutely must conduct sensitive transactions on public Wi-Fi, use a virtual private network or a cellular data network.

And yet there’s more:

  • Switch off the Wi-Fi and Bluetooth when not in use. Otherwise, your physical location can be tracked because the Wi-Fi and Bluetooth are constantly seeking out networks to connect to.
  • Make sure that any feature that can reveal your location is turned off. Apps do collect location information on the user.
  • What are the privacy settings of your social media accounts set to? Make sure they’re set to prevent the whole world from figuring out your physical location. This is not paranoia. As long as you’re not hearing voices coming from your heating vents, you’re doing fine.
  • Are you familiar with the remote wipe feature of your mobile device? This allows you to wipe out its contents/files without the phone being in your hand—in the event it’s lost or stolen. Enable it immediately.
  • And also enable the “find my phone” feature. You may have lost it inside your car’s crevasses somewhere.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

I want a Cell Phone Jammer

Well, we certainly can’t blame Dennis Nicholl for breaking the law. Frankly, had I been nearby him when he did it, I would have kept silent and let him continue breaking the law—unless, of course, I was engaged in some loud, planet-moving discussion with a world leader.

5WNicholl, 63, was recently on a Chicago subway train. He brought with him a cell phone jammer. Unfortunately for Nicholl that day, Keegan Goudie was on the same train. Goudie is a blogger, noticed the infraction and began blogging about it. One thing led to another and Nicholl ended up being charged with the unlawful interference with a public utility.

Someone called 911 on him. Though Nicholl was breaking the law, arguably, he wasn’t committing any act that was putting anyone else’s life or limb in immediate danger. Or was he? I’m sure we can all get creative here.

Anyways, Nicholl’s lawyer says his client meant no life or limb danger. Like most of us, Nicholl only wanted some peace. Cell phone users tend to talk a lot louder into their phones than to people sitting right next to them. Sometimes, they’re outright obnoxious. They should be glad the infraction is only a cell phone jammer and not someone’s angry hands.

If making calls becomes allowed on airplanes in flight, it won’t be pretty. It’s bad enough when some fool talks loud while waiting for the boarding door to close. Nobody wants to hear how big the deal you are closing is or that Timmy scored a goal in soccer. Stop being a jerk.

So why is interference with a conversation via electronic device illegal, yet it’s not illegal to “jam” riders’ cell phone yakking with loud whistling, singing, loudly yakking to oneself or playing a harmonica?

Because these non-techy interference techniques can’t jam up someone’s legitimate call to 911. Nicholl’s jammer could have prevented another rider from getting through to 911 to report sudden difficulty breathing. So if you’re hell bent on using a cell phone jammer, maybe make sure first that everyone looks healthy?

The punishment is heavy. A Florida man had to cough up $48,000. Also in Florida, a teacher was suspended after jamming his students’ phones. A priest was even busted for using one in church. Ahh, technology.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Apple’s bizarre Crashing Text and how to fix

Of all the weird things that can happen to your iOS device, the latest is a relatively benign situation in which a string of text is sent to the phone…and it causes the phone to crash.

http://www.dreamstime.com/stock-images-online-risks-sign-road-banner-image34668294The phone will reboot if the particular nonsensical text string is received while the phone is locked.

Data won’t be stolen; nobody will gain remote control of your device (yet); but heck, who wouldn’t be very annoyed that their phone crashes? And this is going on all over the world. The text characters can also be sent from any device. Apple says it will get this problem fixed.

But in the meantime, there are things you can do to undo the problem.

Mac Users

  • Reply to the gibberish text in iMessage, and the reply can be any string of text.

If you don’t have a Mac:

  • Send a text message via a third-party application by using its share feature.
  • Ask Siri to issue a reply or “read unread messages.” Then reply to free your Messages.
  • When you’re in Messages, delete the whole chain.
  • If you know who sent the crazy message, ask them to send a follow-up message.

A software update will soon be coming from Apple that will include a fix to this situation.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

How to Avoid Bad Apps

If you think there’s like a million apps out there, that’s not exactly an exaggeration. For sure, there are more than you can imagine, which makes it easy to conceive that many certainly come with security problems.

In fact, out of the top 25 most popular apps, 18 of them bombed on a security test from McAfee Labs recently.

Creators of apps put convenience and allure ahead of security. This is why so many apps don’t have secure connections—creating welcome mats for hackers; they get into your smartphone and get your passwords, usernames and other sensitive information.

Joe Hacker knows all about this pervasive weakness in the app world. You can count on hackers using tool kits to aid in their quest to hack into your mobile device. The tool kit approach is called a man-in-the-middle attack.

The “man” gets your passwords, credit card number, Facebook login information, etc. Once the hacker gets all this information, he could do just about anything, including obtaining a credit line in your name and maxing it out, or altering your Facebook information.

You probably didn’t know that smartphone hacks are becoming increasingly widespread.

bad-apps

So what can you do?

  • Stay current – Know that mobile malware is growing and is transmitted via malicious apps.
  • Do your homework – Research apps, read reviews, and check app ratings before you download.
  • Check your sources – Only download apps from well-known, reputable app stores.
  • Watch the permissions – Check what info each app is accessing on your mobile devices and make sure you are comfortable with that.
  • Protect your phone – Install comprehensive security on your mobile devices to keep them protected from harmful apps.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!

Smartphones for Kids aren’t such a good Idea

Maybe you believe that kids should not have smartphones because the devices can tell a pedophile where a child is located. But there’s other reasons that perhaps you haven’t thought of: cyberbullying, violent porn, online drug purchases, you name it.

5WSmartphones give kids ongoing Internet access; they can’t live without this constant connection because it’s the normality that they’ve grown up with. Children and teens are a product of their technological times and can’t imagine getting through the day without constant connection to the cyber universe.

An article in The Telegraph features a perspective from child psychotherapist Julie Lynn Evans. She points out that the striking increase in youth suicides and youth emotional issues (e.g., anorexia nervosa, cutting) is the result of constant Internet access.

Evans has personally seen the correlation; the driving force of the mental problems gets traced back to cyberspace and the smartphone. Remember the good ‘ol days when the only access that kids had was at the family room’s computer or even the one in their bedroom? You can’t carry that thing around.

Evans’ voice is supported by the big rise in admissions to child psychiatric units, having doubled in the past four years. Self-harm is way up too.

Though many people assert that the smartphone is only a tool and should not be blamed for suicide attempts or self-harming behavior, and that family dynamics are the fuel behind it all, Evans makes clear that smartphones are a big part of the multifactorial process of depression and turmoil.

Smartphones have changed the world; is it such a leap that they can cause the rise in youth psychological problems? Especially when the bullies can follow their targets anywhere? And it’s not just bullying; there are websites that, for instance, give tips on being anorexic.

Kids under 16 can’t legally drive, but they’ll always have legal access to smartphones. It’s up to parents to set rules and have conversations. At the same time, parents must take some credit for bad outcomes: A 14-year-old girl from a stable homelife isn’t going to take advice on how to drop from 110 pounds to 70 pounds just because her smartphone can connect her to a “pro-ana” website.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Mobile Apps Failing Security Tests

It’s been said that there are over a million different apps for the smartphone. Well, however many may exist, know that not all of them are passing security tests with flying colors.

6WYou may already be a user of at least several of the 25 most downloaded apps And what’s so special about the top 25? 18 of them flunked a security test that was given by McAfee Labs™ this past January. And they flunked the test four months after their developers had been notified of these vulnerabilities.

App creators’ first priority is to produce the next winning app before their competitors do. Hence, how secure it is doesn’t top the priority list, and that’s why there’s such a pervasive problem with security in the mobile app world.

Because these apps failed to set up secure connections, this opens the door for cybercriminals to snatch your personal information such as credit card numbers and passwords. And this is growing because this weakness in apps is so well known and it’s pretty easy for cybercriminals to purchase toolkits that help them infect smartphones via these vulnerable apps.

The technique is called a “man in the middle” attack. The “man” stands between you and the hacker, seizing your personal information. The “man” may capture your usernames and passwords for social media accounts and so much more—enough to open up a credit card account in your name and then max it out (guess who will get the bills); and enough to commit a lot of damage by manipulating your Facebook account.

So What Can You Do?

Here’s some tips to help you protect yourself from these unsecure apps:

  • Before purchasing an app, get familiar with its security features—read reviews and check what permissions the app is asking access to. You don’t want to end up with an app that accesses way more information about you than necessary for what you want the app for in the first place.
  • Download only from reputable app stores, not third-party vendors. This will reduce your chance of downloading a malicious app.
  • Don’t have your apps set to auto login. Even though it may be a pain when you want to access Facebook, it’s better to be safe than sorry.
  • Make sure you use different passwords for each of your apps. Sorry, I know that’s a hassle, but that’s what you must do. And make sure your password is long and strong.

Here’s to staying safe on our mobile devices.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Don’t Believe These 6 Mobile Security Myths

Smartphones are picking up popularity. You can now access email, social media, and other things from a device that fits in your pocket (most of the time). And, although we hear about breaches and security flaws in the news, it seems like a lot of us don’t think it applies to our mobile device. Here are some of the most common mobile security myths.
5W

  1. “Antivirus protection isn’t worth it for a smartphone.” Just because this device fits in the palm of your hand doesn’t mean it’s not worthy of as much protection as your computer. It should have comprehensive security that includes, antivirus, anti-malware and anti-spyware. Think of how often and indiscriminately you use that little thing, even while you’re in between bench press sets or stuck in line somewhere. The more you use it, the more important protecting the information on it becomes.
  2. “If I lose my phone I’ll just call it to find it.” A better way to locate it is to use an app with global positioning system (GPS), like McAfee® Mobile Security. With GPS, you can see the location of your device on a map, much easier than trying to hear your ringtone.
  3. “Smartphones don’t get phishing scams.” Actually, phishing scams can occur via text (also known as SMiShing ) and social media apps. Plus, the mobile device’s smaller screen makes it harder to detect suspicious links.
  4. “Apps for my phone are safe if they’re from trusted brands.” Fraudsters can easily make a malicious app look safe, and can even find its way into a reputable app store. McAfee Labs™ found that over 80% of Android apps track you and collect your personal information. Apps are also the main way that malware can be downloaded to your smartphone or tablet.
  5. “As long as my phone has PIN protection, it’s fine to have apps automatically log into my accounts.” A PIN is incomplete protection because hackers may guess the PIN code or use software to nail the four-digit sequence. You’d be surprised how many people’s PINs are 1234 or 2222. Even if you have a longer PIN or passcode on your device, it’s good practice to not have your apps automatically log you in, even though this may be convenient. You don’t want something to be able to easily access your bank accounts or post random messages on your social accounts.
  6. “SMS” adds protection. The short message service does not provide protection or monitoring of any kind. This means that text messaging is not secure and in fact, it’s often subject to spam.

Keep your mobile device safe with McAfee® Mobile Security, available on both Android and Apple devices. The Android version includes antivirus and anti-malware software, an app manager, anti-theft features, and web protection. The Apple version includes Secure Vault to protect your pictures and videos from prying eyes.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.