
How a Wi-Fi Hacker Snoops on Your Laptop and Mobile

You have likely heard of the dangers of using unsecure public Wi-Fi, so you know that hackers are out there snooping. It is pretty easy to hack into a laptop or mobile device that is on a public Wi-Fi connection with no protection. Hackers can read your emails, steal passwords, and even hijack your website logins.

Let’s imagine that you are in a local coffee shop with your laptop. All someone has to do is download a wireless network analyzer, which usually has a free trial, and with the right hardware and additional software they can often see what everyone is viewing online…unless they are protected. In some cases they can also read the emails you send and receive, as well as texts you might be sending. Scary, right?

Tips on How to Use a Wi-Fi Hotspot Safely

You now know what you are up against when you connect to a public Wi-Fi spot, but you should also know that you can use them with some safety in mind. Here are some tips:

  • When you log onto a website, only use an encrypted connection. This means use the URL that begins with HTTPS, not HTTP. Keep an eye on that as you move from page to page because some sites will send you to an unsecured page, which makes you vulnerable.
  • There are also many websites out there that will allow you to encrypt your browsing session automatically. Facebook, for instance, has this. To turn it on, go to your “Security” settings on the site, and then enable “Secure Browsing.”
  • If you are going to check your email, log in through your web browser and then ensure that your connection to your email client is encrypted (check that the address begins with HTTPS). If you are using Outlook, or another email client, make sure that your settings are set for encryption.
  • Don’t use any service that is not encrypted when you are on a public Wi-Fi connection.
  • Consider using a VPN when you are connecting to a public Wi-Fi connection. There is a small fee for this, but it’s well worth it.
  • Beware of “evil twins,” which are rogue networks designed to mimic legitimate networks. Example: “ATT WiFi” may be “Free ATT WiFi”. Other than downloading special software that detects evil twins, the best approach is to ask someone who’s knowledgeable which network is the safest.
  • If you are on a private network, realize that it is also vulnerable. Anyone who knows how can spy on the network. Again, use WPA or WPA2 security so the connection is encrypted. However, if someone guesses or knows the password, they can still spy on any device that is connected.
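
The kind of check that evil-twin detection software performs can be sketched as follows. This is an added example, not code from the original post; the trusted-network inventory, the filler-word list, the similarity threshold and the scan results are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher

# Assumed inventory: the network confirmed by staff, with its access point
# hardware address (BSSID) and security mode. Values are constructed.
TRUSTED = {"ATT WiFi": {"bssids": {"a0:b1:c2:00:00:01"}, "security": "WPA2"}}

# Words a rogue network typically adds or removes to look official.
FILLER = {"free", "public", "guest", "wifi", "wi", "fi", "hotspot", "open"}

def core_name(ssid):
    """Lowercase the SSID and drop filler words: 'Free ATT WiFi' -> 'att'."""
    words = re.findall(r"[a-z0-9]+", ssid.lower())
    return " ".join(w for w in words if w not in FILLER)

def classify(scan, trusted=TRUSTED):
    """Return (ssid, bssid, reason) for every network that deserves suspicion."""
    findings = []
    for net in scan:
        ssid, bssid, sec = net["ssid"], net["bssid"].lower(), net["security"]
        if ssid in trusted:
            known = trusted[ssid]
            # A matching BSSID is a hint, not proof: hardware addresses can be copied.
            if bssid not in known["bssids"]:
                findings.append((ssid, bssid, "same name, unknown access point"))
            elif sec != known["security"]:
                findings.append((ssid, bssid, "security downgraded"))
            continue
        for name in trusted:
            a, b = core_name(ssid), core_name(name)
            if a and b and SequenceMatcher(None, a, b).ratio() >= 0.8:
                findings.append((ssid, bssid, f"lookalike of {name!r}"))
                break
    return findings

# Constructed scan results, in the shape a Wi-Fi scanner might report them.
SAMPLE_SCAN = [
    {"ssid": "ATT WiFi", "bssid": "A0:B1:C2:00:00:01", "security": "WPA2"},
    {"ssid": "Free ATT WiFi", "bssid": "de:ad:be:ef:00:02", "security": "Open"},
    {"ssid": "ATT WiFi", "bssid": "de:ad:be:ef:00:03", "security": "WPA2"},
    {"ssid": "CoffeeShop Guest", "bssid": "11:22:33:44:55:66", "security": "WPA2"},
]

if __name__ == "__main__":
    for finding in classify(SAMPLE_SCAN):
        print(finding)
```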

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.

Mobile Apps Failing Security Tests

It’s been said that there are over a million different apps for the smartphone. Well, however many may exist, know that not all of them are passing security tests with flying colors.

You may already be a user of at least several of the 25 most downloaded apps. And what’s so special about the top 25? 18 of them flunked a security test that was given by McAfee Labs™ this past January. And they flunked the test four months after their developers had been notified of these vulnerabilities.

App creators’ first priority is to produce the next winning app before their competitors do. Hence, how secure it is doesn’t top the priority list, and that’s why there’s such a pervasive problem with security in the mobile app world.

Because these apps failed to set up secure connections, this opens the door for cybercriminals to snatch your personal information such as credit card numbers and passwords. And this is growing because this weakness in apps is so well known and it’s pretty easy for cybercriminals to purchase toolkits that help them infect smartphones via these vulnerable apps.

The technique is called a “man in the middle” attack. The “man” stands between you and the hacker, seizing your personal information. The “man” may capture your usernames and passwords for social media accounts and so much more—enough to open up a credit card account in your name and then max it out (guess who will get the bills); and enough to commit a lot of damage by manipulating your Facebook account.

So What Can You Do?

Here are some tips to help you protect yourself from these unsecure apps:

  • Before purchasing an app, get familiar with its security features—read reviews and check what permissions the app is asking access to. You don’t want to end up with an app that accesses way more information about you than necessary for what you want the app for in the first place.
  • Download only from reputable app stores, not third-party vendors. This will reduce your chance of downloading a malicious app.
  • Don’t have your apps set to auto login. Even though it may be a pain when you want to access Facebook, it’s better to be safe than sorry.
  • Make sure you use different passwords for each of your apps. Sorry, I know that’s a hassle, but that’s what you must do. And make sure your password is long and strong.

Here’s to staying safe on our mobile devices.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Using your Mobile to protect you from criminals

The Good:

Your mobile phone number is almost as good as your fingerprint: very unique to you, and as a second factor authentication device via text message, it acts as access control through which to access certain web sites.

SMS two factor authentication, as it’s known, is the sending of unique one-time pass codes that turn your mobile phone into a recipient of a one-time password or “OTP”. Generally there’s no software to install and it’s just a matter of registering your device with the website. OTPs are sent to smartphones upon entering your username, then a password, or after you click a button on the site requesting the SMS OTP.

A fraudster trying to infiltrate your account would need not only your password and user name, but would also need to physically have your phone. This is a great layer of security. SMS two factor authentication can be used with sites like Facebook, Twitter, your bank, Gmail, Paypal and others.

Web sites link your mobile number with your account for your protection. So next time an online company wants to send you a “code” via your smartphone, don’t get annoyed; feel secure instead, because that’s how the company knows you are you. In fact, companies will likely brand you as a highly suspicious user if you refuse to include your mobile device’s number as part of your registration.
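
What a website does behind that “code” can be sketched as follows. This is an added example, not code from the original post or from any site named in it; the class name, the five-minute expiry, the three-attempt limit and the phone number are constructed assumptions.

```python
import hmac
import secrets
import time

CODE_TTL = 300      # assumed: a code expires after five minutes
MAX_ATTEMPTS = 3    # assumed: wrong guesses allowed before the code is discarded

class SmsOtpService:
    def __init__(self, send_sms, clock=time.time):
        self._send_sms = send_sms   # callable(phone, text); stands in for an SMS gateway
        self._clock = clock
        self._pending = {}          # username -> [code, expires_at, attempts_left]

    def start_login(self, username, phone):
        """After the password check passes, text a fresh code to the registered phone."""
        code = f"{secrets.randbelow(10**6):06d}"    # drawn from a CSPRNG
        self._pending[username] = [code, self._clock() + CODE_TTL, MAX_ATTEMPTS]
        self._send_sms(phone, f"Your login code is {code}")

    def verify(self, username, submitted):
        entry = self._pending.get(username)
        if entry is None:
            return False
        code, expires_at, attempts_left = entry
        if self._clock() > expires_at:
            del self._pending[username]
            return False
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self._pending[username]     # one-time: the same code cannot be replayed
            return True
        entry[2] = attempts_left - 1
        if entry[2] <= 0:
            del self._pending[username]     # stops guessing through all 10^6 codes
        return False

def demo():
    """Constructed walk-through with a fake SMS gateway and a controllable clock."""
    outbox, now = [], [1000.0]
    svc = SmsOtpService(lambda phone, text: outbox.append(text), clock=lambda: now[0])
    svc.start_login("alice", "+15555550100")
    code = outbox[-1].split()[-1]
    wrong = "000000" if code != "000000" else "111111"
    results = [svc.verify("alice", wrong), svc.verify("alice", code),
               svc.verify("alice", code)]           # wrong guess, right code, replay
    svc.start_login("alice", "+15555550100")
    now[0] += CODE_TTL + 1                          # let the second code expire
    results.append(svc.verify("alice", outbox[-1].split()[-1]))
    return results

if __name__ == "__main__":
    print(demo())
```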

The Bad:

Keep your guard up, however, because fraudsters won’t stop trying to succeed at their plans, and they know that the smartphone poses unique vulnerabilities to the user. For instance, people are more likely to click on a malicious e-mail link because the phone’s small screen makes it harder to detect suspicious web site addresses. Criminals are forever trying to get passwords and hack into accounts and wreak havoc. As technology continues to evolve in favor of the honest user, so does the technology of crime.

Your role is to always try to stay one step ahead of the criminals. There are ways you can protect yourself and never let crooks get ahead of you:

  • Never use the same password for more than one account or web site, even though it’s more convenient to have one password for multiple sites. Every app and web site should have a unique password.
  • Every access point you encounter should be safeguarded with a WiFi VPN service such as Hotspot Shield VPN that encrypts your wireless internet and surfing activities. This way, when you peruse cyberspace at hotels, airports and coffee houses, all of your activities are protected from hijackers.
  • Ignore password request e-mails or security alerts, especially on your smartphone, as they are almost always fraudulent.
  • Do you know if your phone (or iPad) is uploading your private data to cyberspace? Find out by installing an app security scanner.
  • Never use third-party apps on your device (or “jailbreak” it). Never let your kids use your phone, either.
  • Your device should be kept up to date with the latest operating system. System updates usually include security enhancements.
  • When installing Android apps, read their security notices. Understand how your sensitive data will be exposed with these apps—before you hit “Okay.”

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

“Predictive Analytics”: Technologies that read your Mind

There’s an app that can practically read your mind via your mobile device. The technology is called predictive analysis, and Google’s Now app is at the forefront. Other apps that utilize predictive analysis include Grokr and Osito: predicting the smartphone user’s next move.

How does this work?

Snippets of information are assembled via an algorithm, leading to a prediction of the user’s next behavior.

An example would be combining snippets of calendar entries with the user’s location data, e-mail information, social network postings and other like information.

The user is then presented with assistance that the app “thinks” is needed. The support-information is called a card. A card might, for example, remind the user about an event whose information was entered previously.

The app will then add directions to the event or show weather conditions at the location—even advise raingear.

Benefits

  • The Now app can “understand” context and filter out irrelevant information, making searches easier than ever.
  • The Google search engine can now respond to more than just individual keywords and can seemingly grasp the meaning of a search query. This algorithm is called Hummingbird and impacts 90 percent of searches.

An example is that Google can compare items upon request or dig up facts about various things. For example, just type in the name of a famous landmark—once. If you seek trivia, you’ll get answers, but if you then seek directions, Google will know that you want directions to this landmark without you having to type in its name again.

  • Future locations of the user can be predicted (based on locations visited previously), not just the current location.
  • Recently, Google and Microsoft researchers came up with a software, Far Out, that can figure out a user’s routine via GPS tracking. This data is then assembled so that future locations of that user can be predicted.
  • The configuring can even adjust to correlate with the user’s changes in residence or workplace.

As advanced as all of this seems, this is only the start of a new wave of technology that can “think” for us—a big benefit to those whose lives are so hectic that they’ve become absent minded, and for those who simply enjoy the idea of having to do less mental work.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures. For Robert’s FREE ebook, text SECURE Your@emailaddress to 411247.

Isis Mobile Wallet goes live

Isis Mobile Wallet allows you to make purchases with your phone—a technology that just went live. Just wave your Isis-compatible smartphone at select cash registers to buy soda or taxi service, via Isis’s near-field communication technology. (iPhone compatibility with NFC will come later on.)

Incentives

Customers of Isis Mobile Wallet can use My Coke Rewards and Isis to get three free beverages at designated vending machines.

Another incentive comes from Jamba Juice: that of giving away one million free smoothies to Isis customers.

The third incentive: Make a purchase via an American Express Serve account through Isis Mobile Wallet, and you’ll be eligible for a 20 percent discount (going up to $200).

An enhanced SIM card is necessary to run Isis. You’ll also need to download the app from Google Play, or, you can sign up at any retail store that’s run by these three carriers mentioned above.

Free Smoothies

One million smoothies will be given away for free, courtesy of a business partnership between Isis and Jamba Juice.

All you need do to get the smoothie is make a purchase with your smartphone using the Isis Mobile Wallet.

Why give away a million free smoothies? It’s a promotion to encourage consumers to make mobile payments. This technology is possible by equipping point-of-sale terminals (cash machines) with near-field communication that will read the smartphone as it’s waved at the sensor.

This technology has passed trials with flying colors, and Jamba Juice will implement NFC-enabled terminals in stores nationwide. The goal is to get the idea of mobile payment more universally accepted by consumers.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures. For Robert’s FREE ebook, text SECURE Your@emailaddress to 411247.

5 Ways To Protect Your Mobile From Prying Eyes

Do you know how to keep your phone from the prying eyes of exes, strangers, cops, other officials and even your own spouse? Here are tips to keep your mobile safe and secure.

#1 Common Sense

When it comes to the police, cooperate; this will lessen the chance of mobile confiscation. Though you aren’t required to talk to the police without an attorney present, and don’t need to fork over your passcode or give up your phone just because they ask for it, don’t be a pest, either. In general, police need a warrant to search your phone.

#2 Lock down your Phone

Encrypting important data is crucial for those who want to keep prying eyes—be they the police, a vindictive ex or a nosy coworker—from gaining access to their mobile device. The method of encrypting varies from one mobile device to the next, but here are some guidelines:

  • Android and iOS phones come with native data protection for encrypting. Take advantage of this. Remember, other models also offer encryption features, and the user needs to learn how to access these features.
  • Lock your SIM card so nobody can access the SIM without a known PIN.
  • Don’t always use the same phone; switch them up.
  • Protect any videos or photos you’ve taken with the mobile by saving them, then sharing them immediately to provide a backup.

#3 Store in a Cloud

Cloud storage enables you to store your data (videos, pictures, files, etc.) in a virtual storehouse which can be purchased or leased through a hosting company.

To store photos or videos, enable Camera Uploads on DropBox (Android, iOS). You can do the same with Google Drive. Each mobile device has a different way of shunting your valuable data to a cloud for cyber storage.

For Facebook enthusiasts, cloud storage can also be done via your mobile’s Facebook app.

iOS users can use AutoSnap to upload any image that’s taken with it to Facebook, DropBox, Twitter and Instagram. Just link the app with any social accounts that you have.

#4 Live broadcasting Yourself

  • Livestreaming puts anything you record on your phone onto the Internet; here, the phone acts as an inputting tool rather than a storage tool.
  • Justin.Tv (iOS, Android) is the leading livestream app, and the service is free.
  • UStream (iOS, Android). This livestreaming app focuses more on quality than on easy access. The service offers many broadcasting options.
  • Veetle (iOS, Android). This company is smaller than Justin.Tv and UStream, but has an advantage: free, easy integration with social media, plus some other perks.

#5 Use a VPN

When surfing the web on your local computer, mobile or tablet on a free, unprotected public network in a hotel, airport or coffee shop, your data is vulnerable to “sniffers.”

That’s where a Virtual Private Network (VPN) comes in to protect your data between your laptop, iPad, iPhone or Android and an internet gateway. This kind of VPN creates an impenetrable tunnel to prevent snoopers, hackers and ISPs from viewing your web-browsing activities, instant messages, downloads, credit card information or anything else you send over the network.

Hotspot Shield VPN is a great option that protects your entire web surfing session, securing your connection at both your home Internet network and public internet networks (both wired and wireless). Hotspot Shield’s free proxy protects your identity by ensuring that all web transactions (shopping, filling out forms, downloads, etc.) are secured through HTTPS—the protected internet protocol.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

7 tips to a secure mobile device

Have you ever received an email like this…I did: “Robert, last night I was at a concert and I must have dropped my phone because I lost it. But then something awful happened. My friends knew I was with my other friend, and she got a call wondering if I was OK. Apparently whoever found or stole my mobile posted all my naked pictures to Facebook. I’ve finally got access to Facebook and I’ve deleted most of them, but it’s been a harrowing experience.”

There are just so many things wrong with this. It’s amazing to me how lazy some people can be with their mobile security—especially if their devices have, ahem, “private” information on them.

  1. Passwords: Mobiles need to be password protected and automatically locked after one minute. A four- to six-letter/number password is sufficient.
  2. Erase on too many password attempts: Enable the option that erases the device’s data when someone enters a wrong password more than 10 times. If you have kids, you may not want to activate the erase option.
  3. Lock/locate/wipe software: Many devices have a feature that allows users to locate the device in the event it’s lost or stolen. An added bonus is that it allows you to lock the device down (it should already be locked after one minute!) and erase the data remotely.
  4. Security software: Know that mobiles are targeted by virus writers in the same way PCs are. While there are millions of viruses targeting PCs, there are still tens of thousands targeting mobiles.
  5. Wireless security: The 3/4G connection on your devices is relatively secure—but the WiFi is definitely not, especially on a public WiFi network. Hotspot Shield VPN is an excellent option to protect your data on an unsecured network.
  6. Update your operating system: Whenever you get a notification that an updated version of your OS is available, it’s often because there was a security vulnerability discovered. Download the update ASAP.
  7. Beware of SMiShing: Whenever you receive text messages asking you to access an account or update your OS, or offering cheap goods, be suspicious. Really, if you aren’t expecting the text, hit delete.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures. For Robert’s FREE ebook, text SECURE Your@emailaddress to 411247.