Tech Friday with Dave Hatter - October 9th 2020 - SPONSORED BY INTRUST IT


October is National Cybersecurity Awareness Month (NCSAM): Do Your Part. #BeCyberSmart.

  • The Green Dot on Your iPhone and Other New Privacy Features in iOS 14.x:
    • Apple has long been known as the most privacy-friendly technology company, and iOS 14.x will only further that reputation
    • "Privacy is a fundamental human right and at the core of everything we do" - Apple
    • Apple said "With iOS 14, we’re giving you more control over the data you share and more transparency into how it’s used"
    • iOS 14.x has many great new features, including some excellent privacy enhancements:
      • App Privacy: Shows the personal information an app wants access to BEFORE you use it
      • A small circle (dot) at the top right of your phone when the microphone or camera is in use
        • An orange dot indicates the microphone is active
        • A green dot indicates the camera is active
        • If any app is trying to secretly record you, it will be outed with this feature
        • You can swipe into the Control Center to see details about which app is using the mic or camera
        • Remember that you can deny each app access to the camera or mic
      • Notice via a popup that data has been copied
      • Disable precise location tracking
      • Notice that an app is requesting local network access
      • Stop WiFi tracking with a random "private" MAC address when you join or reconnect to a Wi-Fi network
      • Restrict an app's access to specific photos in your camera roll
    • iOS 14.x will run on many older iPhones going back to the iPhone SE and the iPhone 6s
    • The update is available now; you should upgrade today
  • "Smart" Male Chastity Device Has Serious Security Flaws:
    • Experts estimate there will be 75 billion IoT devices by 2025
    • As many traditional devices become "smart" and can connect to the Internet, you should ask yourself if you really need your refrigerator online
    • Many of these Internet of Things (IoT) devices are rushed to market with little to no security
    • Hackers love these "smart" devices because they are easy to hack, always on, and often have high-bandwidth connections, making them perfect for botnet attacks
    • They are often hard to update, and users are unaware that they need to be patched and configured
    • The Shodan search engine makes it easy to find and target insecure devices
    • IoT devices are being attacked in many ways:
      • Hackers may compromise IoT devices to use them to attack other devices and networks (botnets)
      • Hackers attempt to compromise IoT devices to get into your network and attack other devices
      • Hackers may try to steal data from a device
      • Hackers may use an IoT device to spy if it has a microphone or camera
    • These attacks have caused new concerns about the vulnerability of millions of “smart” devices that are increasingly appearing in homes and businesses
    • Palo Alto Networks’ Unit 42 researchers warned that over 50% of IoT devices are vulnerable to attack, which is a "ticking time bomb"
    • Casey Ellis, CEO of Bugcrowd said "IoT security has been horribly flawed ever since it first became a thing, largely because of the pace that new products have to go to market, and the fact that designing security is seen by vendors as ‘slowing things down’"
    • Many toys (dolls, cars, drones, robotics, games, etc.) are increasingly connected to the Internet and bringing the same type of capability into homes
    • Many "smart" toys include microphones, cameras and/or video cameras
    • Many IoT devices are notoriously insecure and are infrequently, if ever, updated once deployed
    • Researchers recently found vulnerabilities in a male IoT chastity device known as The Qiui Cellmate
    • The Cellmate chastity cage has a Bluetooth lock that could easily be hacked leaving the wearer trapped
    • Pen Test Partners and a group named the "Internet of Dongs" said "There is no physical unlock" 
    • They went on to say "The tube is locked onto a ring worn around the base of the genitals, making things inaccessible. An angle grinder or other suitable heavy tool would be required to cut the wearer free"
    • Ongoing work by the Internet of Dongs is meant to pressure the teledildonics industry into making security a priority
    • Experts are pushing for global regulation of IoT devices
    • For now, the onus for security updates and privacy is on the owner
    • Before you start adding "smart" devices to your network, you should think about the implications
  • Beware Phishing and Fraud on Amazon Prime Day:
    • Prime Day 2019 was a 36-hour frenzy of sales totaling more than $7 billion
    • In fact, it's larger than Black Friday and Cyber Monday combined
    • Amazon Prime Day is October 13 and 14 this year, with sales across departments
    • Thanks to the pandemic driving online shopping, Amazon may see its biggest Prime Day to date
    • Experts are warning that cybercriminals are ready to fleece frenzied shoppers not paying attention while seeking the best deals
    • Bolster Research reported on phishing and lookalike websites that have scraped the Amazon brand hoping to steal personal information
    • One example, www.amazoncustomersupport.net, attempts to mimic an authentic Amazon site
    • Abhishek Dubey, co-founder and CEO of Bolster said "One technique that criminals are using is to create fake URLs that are long so you can't really tell what the domain is. For example, you may be directed to a link that looks something like 'amazon.com/prime_day_deals/xyz.info.' Shoppers may see the 'amazon.com' and think this is a legitimate site, but a closer look shows that this page is hosted on the 'xyz.info' domain."
    • In addition to the URL, there are other tell-tale signs:
      • Phone number. Amazon doesn't promote customer service by phone; try to find a number to call on the real site
      • No login required to purchase. An Amazon account is required to make purchases or returns
      • Amazon does not offer discounts on Groupon or coupons on RetailMeNot
      • No lock or "https" in the URL bar
    • Dubey said "Prime Day can be a frenzy because inventory does run out. In their goal not to miss out, people do often overlook signs such as low resolution/blurry images or graphics or a completely new site layout they have never seen before. Another sign people may not notice is the changes in location of buttons or links. For example, no matter where you are on the Amazon site, the shopping cart is always on the upper right. It will likely not be there on a fake site, but people miss these small details and just assume that it's a special page for the Prime Day event."
    • Tips to avoid being scammed:
      • Be skeptical and cautious
      • Start directly on Amazon.com
      • Search for deals using the search feature on Amazon.com
      • Click on the Amazon logo to see if it takes you to the homepage of Amazon.com
      • Inspect site usability and details (misplaced buttons, for example); leave if they are not correct
      • Inspect the images; if they are not in the usual places, or they are blurry or low quality, bail
      • If the shopping experience is different, leave the site
      • If the check out experience is different, leave the site
      • Do not shop via emailed or texted links, or ads on social media, which are easily faked
      • If it seems too good to be true, it probably is
    • Read more here: https://bolster.ai/blog/how-to-avoid-amazon-prime-day-scams/
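
The lookalike-link warning in the Prime Day section comes down to one check: which host the link actually points to, regardless of where the brand name appears in it. The following is an added example, not part of the original show notes or Bolster's tooling; the trusted domain, the function names and every sample link except www.amazoncustomersupport.net are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the one domain the shopper means to trust.
TRUSTED_DOMAIN = "amazon.com"

# Constructed sample links; only www.amazoncustomersupport.net is from the notes.
SAMPLE_LINKS = [
    "https://www.amazon.com/deals",
    "www.amazoncustomersupport.net",
    "https://amazon.com.prime-day-deals.example/xyz",
    "https://amazon.com@deals.example/prime",
    "https://deals.example/amazon.com/prime_day",
    "https://news.example/weather",
]

def link_host(url):
    """Return the hostname a browser would connect to, or None if unparseable."""
    if "://" not in url:
        url = "http://" + url  # bare links such as "www.example.net/page"
    try:
        host = urlsplit(url).hostname  # drops userinfo, port and path
    except ValueError:
        return None
    return host.lower().rstrip(".") if host else None

def classify(url, trusted=TRUSTED_DOMAIN):
    """Return 'trusted', 'lookalike' (brand shown, wrong host) or 'other'."""
    host = link_host(url)
    if host is None:
        return "other"
    # Trusted only if the host IS the domain or a subdomain of it.
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    # Brand name appears somewhere in the link, but the host is not the brand's.
    brand = trusted.split(".")[0]
    if brand in url.lower():
        return "lookalike"
    return "other"

def triage(links):
    """Map each link to its verdict."""
    return {link: classify(link) for link in links}

if __name__ == "__main__":
    for link, verdict in triage(SAMPLE_LINKS).items():
        print(f"{verdict:9}  {link_host(link)}  <- {link}")
```

A "trusted" verdict only means the host belongs to the expected domain; the other tell-tale signs listed above still apply.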