Smart TVs – A FBI Warning

The greater the deals are, the less secure your devices may be. Black Friday/Cyber Monday may offer you great deals, but at what price should you risk your privacy and/or security?  

The FBI has issued a warning to all consumers to be wary of how secure their devices are, especially Smart TVs. Smart TVs connect to the internet to allow you to use popular streaming services and apps. Many of them come in with a microphone on the controller or on the TV itself. A few the newer TVs also have built-in cameras for facial recognition, to know who is watching and can suggest programming appropriately.  

When these TVs are connected to your network, most people don’t bother placing them in a different VLAN, making it easily accessible to all others who have or can get access to your Wi-Fi. Earlier this year, hackers showed it was possible to hijack Google’s Chromecast streaming stick and broadcast random videos to thousands of victims. There are even steps on how to exploit a Samsung Smart TV on WikiLeak.

The FBI recommends placing black tape over an unused smart TV camera, keeping your smart TV up-to-date with the latest patches and fixes, and to read the privacy policy to better understand what your smart TV is capable of. We also recommend buying a Smart TV that comes with the security even if it costs a bit more.  

Source: Now Even the FBI is Warning About Your Smart TV’s Security

Tech Giants Get Another Rebuke Over Data Practices

In the News 

Tech giants are only gaining more enemies in the field of ethics and human rights. In Amnesty International latest to slam surveillance giants Facebook and Google as ‘incompatible’ with human rights, Greg Kumparak at TechCrunch discusses why Amnesty International has called out these tech giants on their use of data. Kumparak emphasizes that Amnesty International views these companies are providing more harm despite the useful services that they provide users. Kumparak furthers that this organization views the lack of privacy and use of user data for profit driven purposes as a violation of human rights and called for regulation on such malicious practices. 

Our Take 

Outcry from data misuse at large tech giants is far from rare in today’s social climate. We have seen sharp decreases in consumer trust with these companies as more and more instances of data breaches, exposures, and lack of transparency come to light. The notion of privacy as a human right applying to online privacy has also become a greater point of discussion in the civil sphere. However, few governments on either local or national levels have enacted regulation over these companies and their use of consumer data. Amnesty International’s decision to call these companies out of what they believe to be a violation of human rights supports the idea already present that such actions are not okay and should be altered to better serve the user rather than the companies themselves. It seems as though these practice rebukes are becoming more and more common and it seems likely that regulation is imminent to some extent 

Recommendations 

How can you protect your privacy on social media platforms?  

  • Understand the risks of putting your personal information into the world, and only share what you have to     
  • Use safe password practices when creating online accounts, and take advantage of Multi-factor Authentication where possible  
  • Utilize additional security/privacy measures and settings on apps, accounts, and platforms whenever possible    
  • Limit the number of accounts that have access to your financial payment option  
  • Use privacy settings on your accounts when they are available        
  • Know your rights when it comes to data use and storage 

 

 

New & Improved 2FA on Twitter

In the News 

Twitter seems to continue to step up their emphasis on privacy and information security. In Twitter will finally let you turn on two-factor authentication without giving it a phone number, Greg Kumparak at TechCrunch discusses Twitter’s rollout of two-factor authentication (2FA) without needing to provide a personal phone number. Kumparak details that phone numbers have been required for 2FA as a verification source. However, this is no longer the most secure method of 2FA and Twitter is just now rolling out a way for its customers to use 2FA without needing their phone number.  

Our Take 

Simply having a password as a security barrier for your various online accounts is no longer the most effective way to secure your personal account information. Two-factor authentication has emerged as a better was to do so and more and more platforms are hosting the ability to use 2FA on your account. However, it has long been the practice to use phone numbers for this 2FA even though using this method has the potential for your account to still be breached. Luckily, there are other alternative even though all platforms have not yet adopted them. Twitter has recently been taking steps to differentiate themselves from other social media giants in regards to their data transparency and political news. This may be another way that Twitter is hoping to stand out to their consumers as a social media platform that is evolving to best suit their users and the changing tech landscape. It is always best to minimize the amount of information that you provide to any company or online account. If this new 2FA system allows for that and an increase in account security, it seems like a win-win.
 

Recommendations 

How can you protect your data privacy?    

  • Understand the risks of putting your personal information into the world, and only share what you have to            
  • Use safe password practices, and take advantage of Multi-factor Authentication where possible      
  • Utilize additional security/privacy measures and settings on apps, accounts, and platforms whenever possible     
  • Research and read a company’s data privacy practices before utilizing their services     
  • Know your rights when it comes to data storage both on a company and legal level 

Virtual Private Networks

Virtual Private Networks (VPN) create encrypted tunnels when you connect to the Internet. They are a fantastic way to protect your privacy and data, especially when traveling and connecting to untrusted or unknown networks, such as at hotels or coffee shops. Use a VPN whenever possible, both for work and personal use.

To learn more, check out this SANS OUCH! newsletter.

Source: Security Awareness Tip of the Day

Secure Technology Cannot Stop All Attacks

Technology alone cannot protect you. Bad guys are constantly developing new ways to get past firewalls, anti-virus and filters. You are the best defense against any attacker. Protect your devices/passwords using tips and steps to secure it as well as staying informed of the latest new vulnerabilities/attacks.

To learn more, check out this SANS OUCH! newsletter.

Source: Security Awareness Tip of the Day

Vishing Calls on the Rise

In the News 

Automated voice messages may become more dangerous. In Vishing Attacks to Become Commonplace in 2020, Sarah Coble at InfoSecurity Magazine discusses the emergence of phishing attacks over voicemail as a primary attack vector in the coming year. Coble explains that these phishing attacks are likely to occur every day with a level of sophistication that can end up costing victims severe financial loses. Coble details that automated messages, not even individual humans, can communicate messages that manipulate unsuspecting individuals into infecting their devices or handing over their private information.
 

Our Take 

Phishing attacks and online scams are becoming more and more complex and difficult to identify. The concerning aspect of automated messages and emails becoming common is that individuals are less likely to suspect that such an email, call, or voice message is malicious. Individuals are often desensitized to things that they witness on such a frequent basis. This can then make individuals more likely to act out of instinct and emotion handing over their information or clicking on infected links. Automated calls are a particularly tricky attacks vector. Spam calls have been plaguing individua’s at an increasing rate for years, yet there is something about receiving a voice mail that causes individuals to pay more attention…most likely because leaving a voicemail often means the message is important. It is therefore critical that individuals refrain from acting (or clicking) out of emotion in response to a voicemail. Unless you were expecting an important call, be mindful of the potential that the voicemail is a phishing attempt.  

Recommendations 

How can you better protect yourself against phishing attacks?    

Google Accessing Health Information

In the News 

How much consumer data does Google have? In Google Struck a Deal to Secretly Access Health Data on Millions of Americans, Joel Hruska at Extreme Tech discusses how Google has access to US consumer health data due to a partnership with Ascension. Hruska details that although Google claims to have valid and consumerfocused reasons for such data use, ethical issues still arise especially given the lack of consent and disclosure of those whose data is being used. Hruska states that the lack of federal regulation over data use in the US is compromising the privacy of millions of consumers since the data isn’t even anonymized.   

Our Take 

Every single American consumer has a vast amount of personal data stored on various accounts and by various companie3s. It is the reality of the techdriven world that we live in. Even if you take efforts to minimize the amount of data that you give to companies, they still have data on you, especially in the healthcare industry. This makes sense as such data should be used to better your health, but sharing health data without proper consent and anonymization is a big red flag for any company. Google is one of the major tech companies, and although they provide valuable services to everyday Americans, they should not have sensitive data on each person that those individuals did not explicitly provide themselves. Data exposure and misuse in the healthcare industry is only going to become a bigger and bigger problem, and at some point, regulation either by companies or by governments are going to need to be implemented to preserve any sense of consumer autonomy over their data.  

Recommendations 

How can you better protect your sensitive personal data?    

  • Understand the risks of putting your personal information into the world, and only share what you have to           
  • Use safe password practices, and take advantage of Multi-factor Authentication where possible     
  • Utilize additional security/privacy measures and settings on apps, accounts, and platforms whenever possible    
  • Research and read a company’s data privacy practices before utilizing their services    
  • Know your rights when it comes to data storage both on a company and legal level 

Rights to Privacy in the US

In the News 

Protecting consumer privacy is a difficult task. In Consumer Data Privacy Rights: Emerging Tech Blurs Lines, Lindsey O’Donnell at Threatpost discusses the reality of data privacy as an extension of the US 4th Amendment, and the difficulties are maintaining consumer privacy in an age of continuous technological advancement. O’Donnell details the difficulty for a legal framework surrounding data privacy when it comes to new technologies including AI, facial recognition, and cell phone data access. 

Our Take 

Technology changes and advances faster than most people can keep up with, let alone laws and legal guidelines. Technology has become a benefit for society as a whole, yet continuous complications regarding who has the right to certain data often plague consumers, agencies, and companies frequently. Controversies and distrust spring up from the lack of structure surrounding the use of data both publicly and privately, there is not a solid consensus on how best to fix such issues, but current legislation, whether at a state or federal level seems to be the most likely course of action. While it may seem obvious that companies should also take responsibility for themselves to use consumer data properly, this is easier said than done in reality. As such, consumers must proactively learn about what data rights companies and local authorities afford them to better position themselves to maintain their privacy and data security.  

Recommendations 

How can you better protect the privacy of your data?  

  • Understand the risks of putting your personal information into the world, and only share what you have to           
  • Use safe password practices, and take advantage of Multi-factor Authentication where possible     
  • Utilize additional security/privacy measures and settings on apps, accounts, and platforms whenever possible    
  • Research and read a company’s data privacy practices before utilizing their services    
  • Know your rights when it comes to data storage both on a company and legal level