Tech Friday with Dave Hatter - August 28th 2020 - SPONSORED BY INTRUST IT


  • More TikTok privacy issues:
    • TikTok is a popular social media app developed by a Chinese company that allows users to upload and share short-form video (up to 60 seconds)
    • It's especially popular for dance, lip-sync, and comedy
    • TikTok now has over 1 billion active users and its stated mission is “to capture and present the world’s creativity, knowledge, and precious life moments, directly from the mobile phone”
    • It was the most downloaded app of 2019 and is especially popular with teens
    • The TikTok privacy policy says “We share your data with our third party service providers we rely on to help provide you with the Platform. These providers include cloud storage providers and other IT service providers. We also share your information with our business partners, advertisers, analytics and search engine providers…”
    • Concerns have been raised that the information of US citizens could be compromised by its Chinese makers
    • TikTok has come under fire in the past because kids can receive direct messages from strangers and be exposed to inappropriate content. By default, all information is public
    • In December of last year, the Pentagon warned that all US military personnel should delete TikTok from all smartphones
    • Some military branches have strongly discouraged members from using TikTok on their personal devices
    • TikTok has also come under heightened scrutiny by Congress
    • Microsoft and Walmart are potential suitors for TikTok
    • Apple recently announced that in iOS 14 they are fixing a serious problem that allows apps to secretly access the clipboard on users’ devices
    • TikTok is one of several apps caught snooping on the clipboard
    • If TikTok is active on your phone it can read anything and everything you copy on another Apple device: Passwords, work documents, sensitive emails, financial information, etc. through the Apple universal clipboard functionality
    • Back in April, TikTok said the problem was related to the use of an outdated Google advertising SDK that was being replaced
    • TikTok didn’t stop this practice as they promised and now they have changed their story
    • TikTok now claims the issue is "triggered by a feature designed to identify repetitive, spammy behavior" and says they have "already submitted an updated version of the app to the App Store removing the anti-spam feature to eliminate any potential confusion."
    • Now it has been reported by the Wall Street Journal that TikTok dodged privacy features in Android devices to capture unique identifiers from millions of mobile devices
    • This data allows TikTok to track users online without allowing them to opt out
    • It appears that this practice violated Google policies and ended in November
    • The best bet is to delete TikTok, but if you use it, remember that it is actively reading your clipboard and keep that in mind
  • Remote work causes surge in security breaches:
    • FBI Deputy Assistant Director Tonya Ugoretz, speaking in an online panel hosted by the Aspen Institute, recently said the number of Internet crime-related reports has quadrupled compared to the months before the pandemic
    • "The FBI has an Internet Crime Complaint Center, the IC3, which is our main ingest point. Sadly the IC3 has been incredibly busy over the past few months," Ugoretz said
    • Ugoretz said "Whereas they might typically receive 1,000 complaints a day through their internet portal, they're now receiving something like 3,000 - 4,000 complaints a day. Not all of those are COVID-related, but a good number of those are."
    • "They really run the gamut. Everything from setting up fraudulent internet domains [...], we've seen people set up fraudulent COVID charities, promise delivery of masks and other equipment, and then deliver fraudulent loans, extortion, etc. So pretty much, sadly, anything you can think of. Cyber-criminals are quite creative," Ugoretz said
    • Sadly, scammers and cyber criminals are using COVID-19 to launch a wide variety of online scams and attacks
    • For example, a malware-based threat reported by MalwareHunterTeam is an app that purports to be a "map of infections" showing real-time coronavirus infections. In actuality, it exfiltrates sensitive information and can create a backdoor for remote access
    • And the FTC recently warned about these types of scams on their website: "They’re setting up websites to sell bogus products, and using fake emails, texts, and social media posts as a ruse to take your money and get your personal information."
    • Several Coronavirus phishing scams have been launched including one in which malicious links and PDFs that claim to contain information on how to protect yourself are being sent
    • The email claims to be from a virologist and says "Go through the attached document on safety measures regarding the spreading of corona virus," and "This little measure can save you."
    • And the FDA is issuing warning letters to firms for selling fraudulent products with claims to prevent, treat, mitigate, diagnose or cure Coronavirus disease 2019 (COVID-19)
    • COVID-19-related phishing has been on the rise since January according to security firm Barracuda Networks
    • Researchers have observed a massive 667% spike in these attacks since the end of February
    • Phishing email rates relating to COVID-19 have surged. Thousands of separate campaigns and fraudulent domains connected to the pandemic have been discovered
    • The pandemic has forced people unaccustomed to using tech tools to quickly adapt. Some of these workers are becoming more efficient
    • But many of these people were forced to set up shop quickly on home networks with personal devices
    • Malwarebytes recently reported that data suggest that since the start of the pandemic, remote workers have caused a security breach in 20% of organizations
    • Many of these devices and/or networks are insecure and have insecure devices connected to them
    • The more devices connected to a network, the larger its attack surface grows, making it easier for hackers to infiltrate the network
    • Each connected device (like your kids' phones, tablets and video games) is a potential gateway that hackers can leverage for access and/or to steal data
    • This is a dream come true for cyber criminals who can steal data from your devices and possibly use your devices to gain access to your company's network
    • Hackers broke into Lockheed Martin through remote workers
    • What you should do:
      • Be extremely skeptical and cautious of any emails, texts, or social media postings about Coronavirus
      • Stop, Think, Protect - be a human firewall
      • Regularly update your devices: PC, phone, tablets, routers
      • Use a strong, unique password for each site/app
      • Change all default passwords to a strong password
      • Enable Multi-factor Authentication (MFA) everywhere you can
      • Use a secure, reputable Virtual Private Network (VPN)
      • Ensure that you have anti-virus software
      • Limit the use of "smart" devices. Many IoT devices are inherently insecure
      • Encrypt sensitive data
      • Don't allow family members to use devices you use for work
      • Limit the amount of personal information you share
      • Talk to your IT people about security
      • Report fraud to the FBI's Internet Crime Complaint Center: https://www.ic3.gov
  • Cybercrimes against children spike during pandemic:
    • Tennessee Bureau of Investigation (TBI) Director David Rausch recently told media that investigators had received more than twice the usual number of tips about cybercrime targeted at children during the pandemic
    • TBI has recorded 450 tips on cybercrimes against children in 2020, with 122 tips received in the month of March
    • Rausch speculated that the increase is due to the fact that people are spending more time online
    • He encouraged parents to watch what their children are doing online
    • Rausch said "Our agents have seen children as young as five years old taking photos of themselves and at the direction of someone they communicated with online"
    • Rausch told parents to capture the name and contact information of any adults contacting their children and then to contact law enforcement
    • Police often take a proactive approach to catch predators. They create profiles on popular social media apps like Facebook, Instagram, Snapchat, Kik, and TikTok that appear to be children
    • TBI said that predators will jump on the chance to connect with minors
    • TBI Special Agent Robert Burghardt said "I’ve had over a dozen people reply within minutes"
    • Rausch said "We want to encourage parents to be vigilant. Just as you wouldn’t let strangers into your home, or certainly your children’s bedroom, you shouldn’t let cyber-criminals into your home through phones or other screen sources"
    • Understand the parental controls available through your Internet Service Provider and/or cellular carrier
    • Understand the parental controls available in your router
    • Consider parental control software like Circle or Net Nanny: https://www.pcmag.com/picks/the-best-parental-control-software