1:M Cyber Security Update 4/30/19

Hi folks,

Here are some quick cyber security updates from me.

OK, let’s jump into it.

 

            =========RELEVANT CYBER SECURITY NEWS=========

 

Another AirBnB host is caught spying on their guests

Crazy story of a security researcher and his family who checked their AirBnB when they first arrived, to find out their AirBnB host had a hidden camera that was watching them. Remember, ’undisclosed electronic surveillance’ is against AirBnB rules, especially in“private” spaces e.g. bedrooms and bathrooms. But you should still do your own due diligence and check. A quick way is to turn off all the lights in the house, then shine your phone light in every dark or hidden crevice, and see if anything reflects the light back i.e. a camera lens. And a more effective way is to buy a RF signal detector that can detect any wireless device in the house (hidden cameras are usually wireless devices).

• https://nakedsecurity.sophos.com/2019/04/09/airbnb-says-sorry-after-man-detects-hidden-camera-with-network-scan/

Here is some examples of a RF signal detector:

• https://www.brickhousesecurity.com/counter-surveillance/rf-signal/


• https://www.amazon.com/rf-detector/s?k=rf+detector

———–

You can now use your Android 7.0++ as a 2-Factor Authentication Security Key 🙂

 

This is great news for Android users that want to stop their Google accounts being hijacked.  Once enabled, you would still log in normally using your username/password, but then your Android phone would present a 2nd factor, a message that appears on the screen, which you need to ALSO click to verify it is in fact you. Its the same as using a YubiKey or Titan key (which we cover in training module 20) but the phone is now your extra token. This is EXTREMELY effective in defeating phishing, because even if hackers have your Google username and password, they can’t access your account without also physically having your phone.

• https://krebsonsecurity.com/2019/04/android-7-0-phones-can-now-double-as-google-security-keys/

• https://nakedsecurity.sophos.com/2019/04/12/android-phones-transformed-into-anti-phishing-security-tokens/?

 

———–

 

A fantastic article by @zackwhittaker on ways to block Vishing/Spam callers

A very interesting and detailed article discussing the various ways you can stop receiving malicious Vishing/spam call to your phone. He covers blocking via your mobile carrier, 3rd party apps you install on your phone, as well as specific settings you can add to your iPhone or Android. Well worth a read
:

• https://techcrunch.com/2019/04/10/cybersecurity-101-robocalls/

———–

 

Lock down your home assistants to make it more difficult for them to spy on you

@Wired magazine has a good article on how to lock down your Amazon Echo, Google Home and Apple HomePod so that they are not recording you via the microphone, unless you actually want yourself recorded at that time. Remember, these things can be “always on”, and it was recently reported that the big tech companies have real human employees listening to some of your recordings for ‘Quality Assurance’ purposes. Do you really want to trust that PR statement??

• https://www.wired.com/story/alexa-google-assistant-echo-smart-speaker-privacy-controls/

———–

How to stop emails from spying on you

@michaelgrothaus does a great job explaining how marketers, hackers and scammers use tracking pixels in emails to see if you opened the email, how long you read the email for, your location etc. He also breaks down ways to stop these tracking pixels from being loaded into your email. Definitely a good read to keep your cyber paranoia in good shape 🙂

• https://medium.com/fast-company/how-to-stop-emails-from-spying-on-you-c011e8542cbf

———–

 

 
Please be safe out there everyone.

#ClickGameOver