Archive for the ‘Theft’ Category

I belong to a neighborhood social media group. Recently, there has been post after post about vehicle and mail-box break-ins in our neighborhood. While avoiding all thefts is not possible, make it more difficult for thieves and maybe they will look for an easier target.

  • Keep your house and vehicle locked at all times.
  • Don’t leave anything – especially electronics and wallets or purses – in sight in your vehicles, remove documents with personal information – vehicle title/registration, loan paperwork, birth certificate, drivers license, passport, bills – from the vehicle.
  • Do not leave garage door openers or house keys, checks, checkbooks, or credit cards in your vehicle.
  • Keep your vehicle insurance in your wallet or purse.
  • A ring of identity thieves who broke into vehicles expressly to steal ID was busted in Dallas in April, story here:
    https://www.dallasnews.com/news/mesquite/2017/04/27/mesquite-thieves-unlocked-cars-became-keys-identity-theft
  • Especially don’t put expensive electronics in your trunk for long periods of time when parked in your driveway. You never know who’s watching you.

Also, your car insurance may not cover your losses if your auto was stolen or vandalized when it was unlocked.

The Texas Department of Motor Vehicles has a brochure you can download about how to protect yourself somewhat from auto theft at https://www.austintexas.gov/sites/default/files/files/Police/BRO_Atpa_120_WhereUR_EnglishFinal.pdf

Furthermore, try to collect your mail every afternoon or send your important mail to a post office or UPS box. You can also sign up for Informed Delivery by USPS at https://informeddelivery.usps.com/box/pages/intro/start.action – this email allows you to know if something is missing from your mailbox.

 

Common problems with IoT devices include their lack of privacy and security controls and their lack of transparency. “Transparency” in this case means that the end user knows and willingly agrees to how the device operates, especially on their home network.

I have recently been working on building a Raspberry Pi B+ home monitoring system. The Raspberry Pi is a handy little computer board geared to hobbyists or children learning to use computers; more than 12.5 million have been sold. Something that appalled me was the complete lack of discussion about securing the thing in the project plan I downloaded. Before you put any device on your home network, you should—at the very least!—change the default username and password (which for the Raspbian operating system is “pi” and “raspberry”).

Another example comes from the experience of a former co-worker who bought a new refrigerator, not knowing the refrigerator had network capabilities. The refrigerator tried to connect to her network. When she investigated further, the manufacturer said the network connection was used for troubleshooting maintenance issues and installing updates. What could possibly go wrong with a refrigerator that connects to a home network without the owner’s knowledge or consent? It probably has a hard-coded (unable to be changed) default username and password that a hacker could use to cause havoc with that refrigerator. For instance, maybe a hacker could shut the refrigerator off by connecting to it using the default username and password. Depending on when the owner realized that it was not working, an entire refrigerator worth of food could be spoiled. Or maybe they could override the water shutoff for the automatic ice maker, resulting in water all over the floor. It could also provide an entry point into the home network. Argh!

Then there’s the iRobot 900-series Roomba, which currently uses a camera and sensors to vacuum a home. It has mapping software that allows the robot to avoid objects in its path, know where it has already cleaned, return to the dock for recharging, and then pick up vacuuming where it left off. Handy!

According to Reuters, a new feature that iRobot is planning to introduce is sharable home maps. While mapping software could bring many benefits to a smart home—such as improved air flow, temperature regulation, and lighting—sharing such data publicly could be a mistake. Even if iRobot only shares with certain companies, what happens if one of those companies get breached? Could such a breach allow a thief access to download your home map to help them decide what to steal from your home?

Recordings from an Amazon Echo—which listens and records supposedly only conversations that have a keyword such as “Alexa” in them—have already been requested as evidence in an Arkansas murder court case.

There are some organizations that are currently claiming to be examining the security and privacy of IoT devices, which include:

  • AV-TEST Institute – you can check out their findings here.
  • I am the Cavalry – a grass-roots organization that looks at the computer security of medical devices, automobiles, home electronics, and public infrastructure here.
  • UL (formerly Underwriters Laboratory) has published UL 2900 ANSI Standard for Software Cybersecurity for Network-Connectable Products. Unfortunately, it costs between $225-250 for a copy of the standard and I cannot find any products that they have certified.

In the first session of the 115th Congress, Senators Warner, Gardner, Wyden, and Daines introduced the ‘‘Internet of Things (IoT) Cybersecurity Improvement Act of 2017.” While this act would currently only apply to IoT devices on government networks, hopefully most vendors would put the same security and privacy features in their consumer products. You can read a one-page summary of the bill here and a full version here.

Thank you Senators Warner, Gardner, Wyden, and Daines. Long overdue!

No security anywhere …

Posted: May 19, 2017 by IntentionalPrivacy in Conferences, Privacy, Theft, Vulnerabilities
Tags: , ,

I was at a conference yesterday. When I went to register, the computer system being used had a label with the username and password right next to the touchpad. There was a problem with my registration, so the conference sent me an email. It contained the names of three other people–unknown to me–at the conference.

Next, we went to the exhibits. The first trailer we went to was open and no one was there. On a table inside was an open, logged-in laptop and a cell phone. Who would have known if I had taken the laptop or phone, or worse, taken information from the laptop?

Pay attention to what you do. Always lock your laptop (press the Windows and L keys simultaneously) when you have to leave it with someone you trust and do not leave your belongings unattended in a vehicle, or at a conference, a restaurant, or a coffee shop.