UPDATE

It has been awhile since I posted anything. Throughout the months of November through January, I was involved in securing a new place to live and then moving. That was a major endeavor, with decades worth of accumulated things. Since then, I have been getting settled to some degree. In the midst of it, my computer died and I have pieced together parts to get a functional system until I have a chance to get a new one.

Now that the move is at least complete, it is time to return to my efforts to raise awareness of cybersecurity and what you can do to keep safe online.

I will have a booth at the Boomer Expo in Lakeland, Florida on Saturday, 17 February, to reach out to people locally. Then, in the days ahead, I will return to this blog and related work.

May you remain safe online.

Holiday Shopping – Security and Privacy

Black Friday is still nearly two weeks away, but I’ve been seeing ads for Black Friday sales for a week or two now. And many stores have already started Pre-Black Friday sales.

Cyber Monday has become just as huge a buying day as Black Friday.

Then there’s Christmas and holiday shopping. We can look forward to sales galore, crowded malls and shopping centers, and a great deal of online shopping in the next couple months.

As stores ramp up their marketing, people get in a buying frenzy and can’t wait to get the good deals.

So, what are you planning to buy? Whatever it is, you are probably looking for good prices. You may be considering which brand or model to buy.

There’s one thing that you may be overlooking. If so, you are like almost all other shoppers, at least in that respect. Almost nobody gives much thought to the security or privacy considerations for the products they buy.

 

For many products, that isn’t an issue. If I’m buying a book–one made of paper–not an electronic version, I don’t need to think much about security or privacy.

But there are an increasing number of products where it pays to think about the issue of security and privacy.

Why? What could go wrong?

If you’re buying a smart TV, it’s possible the TV you buy could be used as a platform to hack or to eavesdrop on you. (Yes, this has happened.)

Someone might be able to use that device that responds to your voice to eavesdrop on you.

Perhaps you want to pay more attention to your health and have found a device that allows you to measure your activity level and keep track of your distance. Maybe it’s time to buy that when it goes on sale. It could be a really good decision and help you feel better and live longer, by increasing your fitness. But it might also tell an attacker what your schedule is. They may be able to find out your routine, your location, and when your home is empty.

There are wristwatches that, among other things, store your account numbers so you can make a purchase without showing anyone your credit card. That could be useful. But, that same watch might also allow a thief to empty your electronic wallet.

Maybe you are just looking for a good price on a new refrigerator. You see the sales on smart refrigerators. Might as well take advantage of the new technology since you need a new frig. Why would security matter for that?

Consider what could happen if someone hacked your refrigerator. They could alter the temperature at night and cause it to warm up, then cool back down by morning. A couple nights of that and your food may spoil. You could get sick. Not a likely scenario, but a mischievous teenage hacker might think that was fun. What if your new refrigerator keeps a record of the temperature? The hacker might be able to alter the record so you don’t even find out it isn’t working properly.

A more likely scenario is that someone hacking your refrigerator could look at the temperature fluctuations. When you open the door, the temperature will rise briefly. When the door is closed, it’ll cool back down. Usually, this will happen repeatedly during the day and evening when you are at home. What if the temperatures don’t show the expected fluctuations because you’ve gone on vacation? You’re not opening the door, so the temperature remains more constant. Someone looking at that record would be able to tell that nobody is at home, just by hacking into your refrigerator.

The same could apply to a home security application or device. It seems nice to be able to monitor what’s going on at home when you’re away. But, if you can monitor it, maybe someone else can too. If they repeatedly see no activity, it probably means nobody’s home.

And, if your security system lets you unlock the door for a delivery while you’re away, a hacker could also unlock your door just as easily.

I realize that some of these scenarios aren’t likely. But some are.

 

I don’t want you to be afraid of buying new technology that will improve your life. But I do want you to think about unintended consequences.

Mostly, I want you to begin considering what COULD go wrong.

A burglar might use your new device to decide when to rob you.

A predator might use your new device to locate you or your children.

An identity thief might be able to collect information that will help them steal your identity.

Another thief might be able to collect information from a device and gain access to your bank accounts.

A hacker could take control of your new car, turning it into a weapon, against you or against someone else.

And that’s just the beginning of what could go wrong.

I don’t think we should give up the technology we have. It can be a wonderful thing. I don’t want you to be afraid of buying new technology. I just want you to give a thought to security and privacy.

 

Here’s some ideas on how to do that:

Consider the following when making a purchase:

Is it capable of collecting or storing information? If so:
    * What kind of information does it collect?
    * Is it possible that it could collect information other than what it is supposed to?
    * Are there any safety mechanisms to protect that information?
    * Is it possible someone could find a way to get around those safety mechanisms and access information they’re not supposed to?

Does it connect to the Internet? Does it have a wireless connection? If so:
    * If someone were to hack it, could they get any information you don’t want them to have?
    * If a hacker were to take control of the device, could they use it to do something you wouldn’t want them to do?

If someone were to hack the product, what is the worst case scenario?
    * Will it provide information? If so, is that information something that someone could use against you or to figure out something about you that you don’t want them to know?
    * Could someone use it to harm you? (What could happen if they hacked your car while you were driving or hacked your pacemaker?)

 

In many cases you won’t know the answers to these questions. You could call the company and ask a sales person. But, in my experience, the sales reps won’t know the answer either. And, if they don’t know the answer, a lot of them will make an answer up. If you do call them, don’t assume you are getting an accurate answer.

Instead, you can do some research online.

Research the product. Suppose the product is called “Wonder Widget.” You could do Google searches for things like:
    Wonder Widget problems
    Wonder Widget complaints
    Wonder Widget security
    Wonder Widget privacy
    Wonder Widget issues
    Wonder Widget compliance

You could also do searches on the company that makes the product to see if they have a history of making products that have problems with security or privacy.

 

Some other things you can do:

    * Use your imagination. See if you can come up with an idea of how the product could be used in a way that it wasn’t intended to be used.

If you do this regularly, you may begin to discover problems that you never realized existed before. Of course, just because you can think of a way that a product could be used in an undesired way, doesn’t mean someone will actually use it that way. But, if you can think of it, so can someone else. If the issue is serious enough and there is some benefit to a malicious person in doing so, it is realistic to think that they might actually do it.

    * You can utilize your power as a consumer to make a difference.

When you buy, make your choice in light of security and privacy-e.g., buy from a company that cares about the consumer’s security and privacy.

Let the manufacturers and retailers know that you care about security and privacy and that your buying decision takes that into account

 

I’m not suggesting that you avoid buying products that might have some risk. A lot of the products being developed provide useful and desirable benefits. What I am suggesting is that you at least think about the potential problems that could result if security and privacy isn’t an important consideration when the product is designed.

For some products you want to buy, it is likely that you won’t be able to find any brand that has been designed with security and privacy in mind. I’m not suggesting that you refuse to buy it. But, at least you will know that there is some risk.

If you’re approaching a dangerous intersection, you don’t turn the car around and decide to go back home. You slow down, look all directions, be extra careful, and proceed through the intersection when it’s safe.

In the same way, if the product you are purchasing doesn’t pay enough attention to security or privacy, you may still choose to buy it. But, if you know that there are risks, you may be able to adjust how you use the product to lower that risk. In addition, you could also call the manufacturer. Tell them that, even though you bought their product, you want them to think more about security in the future.

If manufacturers think consumers will buy their products regardless of any security or privacy issues, a great many of them will not pay attention to those concerns when they create their products. However, if there is an economic incentive for them to build security and privacy protection into their products, they will pay more attention to it. If customers tell them that security and privacy matter to them, they will likely begin to pay attention to that.

You can also tell other people you know about any problems that poorly-designed products have. If the word spreads, it could make a difference.

 

We know that driving a car is potentially hazardous, but we do it anyway. There are things we can do to increase the likelihood that we will get home safely.

If you are purchasing a product that might have some security or privacy risk, spend some time thinking about ways that you might be able to reduce the risk.

Here’s an example:

Let’s say the product connects to the Internet and allows you to ask it questions. Then it searches and tells you the answer. It is voice actuated, so all you have to do is talk to it and get your answer.

But what do you think is happening when you aren’t asking it questions? In order to respond when you do ask your question, it needs to be “monitoring” the conversation in the room. Although the manufacturer may tell you it doesn’t save or transmit everything it “hears,” what if a hacker was able to modify its behavior? The hacker may be able to make it transmit all your conversations.

Personally, I don’t want that in my house. But perhaps the convenience is something you do want. If you want one of those, how could you use it in a way that reduces the potential risk?

You could unplug it when you aren’t going to ask it a question. (It’s not as convenient to use it if you have to plug it in first. But it would be safer.)

You could keep it in a room that you are not in and go into the room where it is located when you want to ask a question. You could even have a radio playing in that room so it can’t pick up your voice from the other room (hopefully).

At the very least, you could make sure that you don’t have any sensitive conversations within range of that device. For example, if you are calling your bank and have to give out your social security number (last four digits) in order to talk with them, you may want to be sure that you are not within “earshot” of the device when you make that call.

Perhaps that is being too paranoid. Perhaps that device truly does not allow anyone to listen in and does not store or transmit any information except when you intend it to respond. Personally, I don’t want to take that chance. But maybe you are OK with that.

 

My point is that many of the things that are being created these days do have some security and/or privacy risks. It is up to you to decide what level of risk you are comfortable with. But, if you care about security and privacy at all, it is important to consider the possibility of risk. Then, if you determine there is risk, you have choices.

You can decide not to buy it.
You can decide that you are willing to accept the risk.
You can decide to use the product anyway but find some way to lower the risk to a level you are comfortable with.

Enjoy your holiday shopping (and your holidays). Be safe.

How to Keep Children Safe

Last week I raised the topic of talking to the children we care about to assure their safety.

This week I want to provide some guidance and resources to do that.

If you are a parent, talk with your kids. If you are a grandparent, talk with your grandchildren and also encourage your children to talk with their kids. If there are other kids you care about, see that someone talks with them, so they stay safe.

There are resources to help with this. But, first, let me suggest some ideas on what to talk about.

Continue reading “How to Keep Children Safe”

Protecting our Beloved Children

Do you have school-age kids in your life? Perhaps you have grandchildren. Or maybe you have friends who have kids or grandkids you care about.

They’re back in school, and connecting with their friends. Maybe they are making new friends. In any case, they are communicating, and they are doing it online…. and with their phones.

When we were growing up, we connected face-to-face, or sometimes by phone. When the phone rang, we knew the person we were talking with. Of course, a stranger might call, or someone might even call under false pretenses. But we didn’t immediately become friends when a stranger called. Continue reading “Protecting our Beloved Children”

Eternal Vigilance? Come On! Get Real!

I’ve talked about the importance of awareness, caution, and paying attention. I’ve talked about the danger of opening attachments and clicking on links.

I’ve said that it takes just one mistake to compromise your computer or put you at risk. And I’ve suggested “eternal vigilance” as a way of guarding against that risk.

But how realistic is that, really? Continue reading “Eternal Vigilance? Come On! Get Real!”

Where Did My Money Go?

I recently attended a meeting where someone from a title company spoke about problems people run into when buying a house.

Suppose you are buying a house. You’ve made an offer. Perhaps you had to negotiate with the seller. Now it’s time to close the deal.

The title company had previously suggested that you wire the money to them and said they will e-mail you instructions when it is time. They often rely on wire transfers to transfer money. Waiting for a check to clear takes much longer.

The time they told you to expect the e-mail on how and where to wire the money has come and you are watching your inbox for that e-mail.

The e-mail arrives. You verify it is from the title company. The agent’s e-mail address is listed, the amount is correct, and everything looks right. So you wire the money, excited about taking possession of your new home.

There’s just one problem. The money never arrives. Continue reading “Where Did My Money Go?”

Before You Hit Delete

(NOTE: Significant Computer Part Failure has delayed my ability to create these graphics I want to add to this post. Please check back. It may be awhile.)

What do you do if you are running out of space on your computer? In my last post, I said I often find that people start deleting files and sometimes delete the wrong ones. Then, their computer no longer works properly.

I want to provide some guidance, before you hit “delete.”
Continue reading “Before You Hit Delete”

How Computers Get Hacked – Part 2

How would you break into a locked building? If your life depended upon doing so, how would you go about it?

Perhaps you would walk around the building, looking closely to discover any points of easy access. For your actual break-in, you might wait until night when everybody had gone home. Would you break a window to get in? That might be noisy and attract attention if there were people in the vicinity. Would you learn how to pick locks? Or perhaps you would find a “locksmith” to pick the lock for you. Is there any video surveillance that might give you away? Do you need to disable the video cameras? What about alarm systems?

Or perhaps you would try to bust the door down by brute force. In any event, it would probably take some planning and preparation. And you would need to get the timing right if you want to avoid getting caught.

 

But there’s an easier way. Continue reading “How Computers Get Hacked – Part 2”