Data leakage
Our devices and activity are constantly leaking data into the digital ether. What we choose to watch is recorded and reported to a remote server somewhere, along with the make and model of device we are using, the version of firmware it is running, and it’s IP address.
When we shop our loyalty cards and apps record our purchases as does the method of payment. Our modern cars record telematics and track our location via GPS. The in-car entertainment system tracks what we listen to and watch.
Web browsers profile our surfing habits, smartphones track our social and communication history. Smart meters track our utilities and can even tell when no one is home.
All of our smart devices connect to their manufacturer’s command and control center reporting telematics, performance, and usage data.
The photos and videos we take and upload contain metadata that shows where we took the image or video and on what device. We can be tracked via our smartphones right now and going back in time.
All this data leakage is valuable to someone. How much data are you leaking right now?
Tag: security
Digital thefts of physical assets
It seems hard to imagine that someone can steal your home but it can happen. With everything becoming digital these days proof of ownership is key. In the UK proof of ownership of a property resides with the Land Registry. It maintains a database of all registered properties within the UK along with the names and contact details of their owners.
A criminal using identity theft can assume the identity of a legitimate owner of a property and then either instruct a solicitor to sell it or a lettings agent to rent it out with the proceeds of the sale or rental agreement going to an account set up in the name of the stolen identity. These types of thefts are often targeted at unmortgaged, rented, or unoccupied properties.
To combat this type of fraud property owners can set up an alert for any properties they own with the Land Registry’s free Property Alert service here: https://www.gov.uk/guidance/property-alert
After your home your next biggest asset is probably your car. In the UK proof of ownership is a combination of the V5C document combined with receipts from wherever you purchased the vehicle. Scammers target the V5C by attempting to get you to share a copy of it (for example in order to advertise it for sale online) or by applying for a copy reporting it lost or stolen after cloning your identity or intercepting your communications. You can reduce the chance of this from happening by keeping your V5C safe and secure and not sharing it with anyone. Also keep a copy of all receipts relating to the vehicle to support your proof of ownership.
Thoughts on CCTV hacking
CCTV stands for Closed-Circuit TeleVision. Or at least stood for, as today it’s rarely a closed circuit nor TV. It’s usually online and over IP and available to access via an app on your phone, making it all the more hackable.
So how easy is it to hack modern CCTV?
I did some research and the answer is it depends. It depends on the manufacturer, the availability of software and firmware updates, and how it is configured.
Let me explain by switching sides to that of a potential attacker. First you have to find the target CCTV system. This can be achieved using a database like Shodan and tools like Angry IP Scanner. With an IP address and a port scanner such as nmap or the aforementioned Angry IP you can locate the login page. Then it’s just a matter of trying the manufacturer’s default passwords, employing a brute force attack, or making use of an exploit where available.
So how do you secure your online CCTV system? First, make sure it’s a closed system unless you really need to be able to access it remotely; in which case secure the connection by changing any default passwords, make sure all software and firmware is up to date, employ a firewall and VPN (or whitelist IPs for access) and monitor access logs for anything suspicious.
Simple?
Locked out of a Tesla
A neighbour was locked out of their Tesla. I’m not exactly sure how that happened. They were trying to explain that their phone died and they didn’t have their “card” on them.
Apparently, realising their phone battery was about to die they ran to their car in order to charge it only to fail to reach it in time. The phone won’t turn on and therefore they can’t unlock their car. WTF? Unlike old school vehicles that have a mechanical backup key for getting inside your vehicle if the battery dies, this Tesla owner was out of luck. Unless she could charge her phone she wasn’t getting into her car anytime soon.
ADT
I learned that I was no good at sales around age 18. I was looking for work and was offered a sales job on commission with ADT, the alarm company, or at least an organisation performing door-to-door sales for them.
They started off by teaching me how to break into houses. It sounds strange but they actually did. For about 30-40 minutes in a cold hall with stale coffee we were informed about various techniques on how to break into houses. The thinking was that if we came up against stubborn home owners that said they didn’t need a home security system for whatever reason that we would be able to counter it with why they did because we knew how burglars think.
I was paired up with an older lady as my mentor. She was only a couple of years older than me and had been doing this for only a few weeks. Plus she had a car so she could drive us around to and from our sales area.
I wasn’t good at selling house alarms. My heart wasn’t in it. I figured this out fairly quickly. It all came to a head at the end of a long evening with no sign-ups when we arrived at a house with evidence of a recent break-in, namely a boarded up front door. My mentor said if we can’t sell to this home owner we should give up.
The home owner turned out to be a little old lady who had indeed been burgled recently. She had no money for an alarm. In fact she couldn’t even afford a contractor to fix her door. Her nephew had boarded up the door where a glass panel had been and had dropped off a new lock but had yet to return to fit it. Each night she would prop a dinning room chair up against the inside of the door for extra security as the door could not be locked. She would barely get any sleep each night from worrying.
Being a nice guy, she set about fixing us both a cup of tea while I got to work fitting the lock using a screwdriver set retrieved from under a sink. I left feeling good about helping someone, but with no money nor aptitude for sales, but with knowledge of how to break into houses.
Thanks ADT.