How good is your home security? Locks and alarms may keep burglars at bay, but as smart homes become more common, you need to add cybersecurity to the list of deterrents.
With our homes ever more connected, the opportunities for hackers to interfere with our lives and cause harm is increasing. “If everything is connected, everything can be hacked,” pointed out European Commission President Ursula von der Leyen in her 2021 State of the Union address.
So which household items are most vulnerable? Here are five surprisingly hackable items that you may have in your home:
They all share the same vulnerabilities.
A study by the European watchdog Euroconsumers found all five had “high severity” or “critical” security vulnerabilities.
Researchers tested a total of 16 commonly-used devices from a range of brands and found 54 vulnerabilities that exposed users to attack by hackers, with potential consequences ranging from deactivating security systems to stealing personal data.
As well as gaining access to sensitive services like banking apps, the report says hackers can also use multiple connected devices to stage massive distributed denial of service (DDOS) attacks, the likes of which have been used to bring down banking and even healthcare networks.
Among the vulnerabilities discovered was the risk of a “deauthentication attack” where a hacker instructs the device to disconnect from the home WiFI. When this happens, smart doorbells may no longer respond to motion or send alerts to their owners.
Analysts also found that some smart home apps transmit unencrypted data which can be used by hackers to obtain WiFi passwords and other sensitive information to give them access to a user’s private data.
“All too often, smart devices have weaknesses making them vulnerable to attacks. Just as manufacturers have a responsibility to make their products safe to use, they can’t cut corners on digital security either,” says the Euroconsumers report.
So what can you do to make your smart devices more cybersecure? Here’s what Euroconsumers advises:
The idea of someone hacking your laptop camera, spying on you and then blackmailing you into releasing the footage publicly might sound like a cliche Hollywood plot, but it’s not as impossible as you may think. “Camfecting” is one of the most common hacks. If you suspect that your camera might be hacked, keep reading.
Contents
All webcam hackers need to do to hijack your webcam is to slip remote-control malware into your laptop (this also gives them access to your personal files, messages, and browsing history). However, it’s easy to spot the warning signs and put a stop to it. Read on to find out how.
If your webcam indicator light is on or it’s acting abnormally (you see a blinking LED) even though you haven’t turned the webcam on, it’s a sign that something might not be right. But don’t freak out just yet – it may only be another program or browser extension running in the background and using your webcam. Let’s double-check it.
Reboot your computer and launch your browser. If the webcam light turns on the moment you open the browser, the problem is likely to be in a browser extension. But which one exactly? Deactivate your extensions one at a time to identify the culprit.
Another potential reason why your light is flashing might be applications. To test them, do this: launch an application and see if the webcam indicator lights up, if yes – bingo, if not – continue to open apps one by one until you spot the one secretly using it.
Since you may have a lot of them on your computer, the process might be time-consuming. Try using the Process Explorer tool for Windows. On macOS, go to Terminal and enter specific commands. You can find a tutorial here.
If your webcam light turns on a few seconds after you reboot your computer, without launching any applications – you might’ve been hacked. If this is what’s happening, move on to the next step.
Go to the Task Manager and look for all currently running programmes under the Processes tab. Check for webcam utility. Again, don’t panic yet if you do find it. It may simply be a default setting to launch once you reboot your device. You can test it by restarting your computer and checking if the webcam utility has started automatically.
Close all the programs and apps and try turning the webcam on. If you get an error message stating that your camera is already in use, it might be that your laptop’s camera has been hacked… or there’s an app running in the background (you can check this by following the instructions in Step 1).
If a hacker has been secretly snooping on you, you might be able to find audio and/or video recordings you don’t remember. Go to the folder where your webcam stores such files. Also double check your webcam’s settings and whether that folder hasn’t been changed without your knowledge. However, don’t trust only this method as some hackers might simply live stream everything they can see through your webcam to their device.
If it turns out that an unfamiliar piece of software is secretly using your camera, scan your computer system for malware immediately. If it finds anything, move the file to quarantine. If it doesn’t solve the problem and you still have suspicion that your camera is hacked, it’s time to speak to a tech professional.
While the indicator light can alert you to a webcam hack, it’s not always reliable. There are some advanced attacks that can take over your laptop’s camera without the light even blinking.
In theory, the indicator light should be hardwired to turn on when the camera starts recording. However, whether or not the light switches on really comes down to the device’s firmware. And unfortunately, firmware can be overridden. Researchers proved it back in 2013, when they managed to hack a MacBook camera without the LED light ever coming on.
Figuring out if your camera is being tampered with is more difficult than you might expect. But there are ways to secure your computer even when you’re not sure if the webcam is hacked. Check out our tips for combating webcam bugging.
All you need to do is some homework:
A firewall protects your system by monitoring the network traffic and blocking suspicious connections. Make sure your computer’s inbuilt firewall is up and running.
To access firewall settings on Windows, go to Control Panel > System and Security > Windows Defender Firewall > Turn Windows Firewall On or Off.
On macOS, head to System Preferences > Security & Privacy > Firewall.
Choose one with advanced protection against malware, spyware, and viruses. An antivirus program will take care of detecting and busting malicious threats before they do any harm.
Hackers may disguise themselves as support agents and contact you saying there’s an issue with your system/computer/program and they have to take care of it. Don’t believe them. It’s a common phishing technique cybercriminals use to slip remote-access software into your device. Such software then allows them to access your camera and manage its permissions.
Another way to lure victims into downloading RAT software is through phishing emails that hide spoofed URLs and malicious files. Treat emails from unknown senders with caution and don’t click on suspicious links or download fishy attachments.
Public Wi-Fi networks are extremely vulnerable to hacking. Cybercriminals often target people at free hotspots and try to slip malware into their devices. Always use a VPN to secure your Wi-Fi connection and protect yourself from unwanted snoopers.
NordVPN has military-grade encryption and advanced security features. It not only makes your Internet traffic private but also shields you from cyber threats, including malware.
Tape it. Yes, that’s right. Even Mark Zuckerberg does it. It’s the easiest and 100% reliable way to prevent someone from watching you through your computer camera. If you feel like the tape is not classy enough, many retailers are now offering covers that attach to a webcam and slide to open or close.
If you receive threatening messages saying that someone hacked your webcam, don’t take it as truth right away. It might be a social engineering attack. Without you having to download anything or click on any links – can they prove that they have webcam footage of you? Does their story make sense? Have you ever actually done what they say you did in front of your computer? These scammers don’t have the technical knowledge to hack you, but they know how to play with your emotions.
Law, Accountancy, Finance – these sectors are renowned for continual compliance and regulation. When it comes to data I think local businesses still adopt the opinion that it won’t happen to them. Data exists in a minefield of traps just waiting to be exploited either externally by Cyber crime or unintentionally internally by human error. As we’ve all seen, life changing events mean working from different locations and on different devices and not all of these devices are properly managed or even owned by the business. Get ahead of the curve, to make sense of it all get in touch with one of our consultants. Get the report.
Office 365 Backup(Opens in a new browser tab)
There has never been a time where protecting ourselves from internet fraud has been so imperitive. We are doing what we can to make protection as affordable as possible during this time.
Office 365 Backup(Opens in a new browser tab)
Meeting at the TBN networking group Chris, MD ExpertHR Solutions and I, Chris Palmer, MD AnyTech Solutions began early talks about all things IT. Chris’s agenda ranged from increasing the level of the company security, building a cloud based client area, migrating to a robust commercial email system and a new look fresh website.
From AnyTechs’ perspective the relationship had clear benefits as we were looking at outsourcing our HR services. Since moving all of our HR requirements we have found that Chris’s advice has been clear, thourough and invaluable – his knowledge is simply immense – the complete professional.
After advanced discussions we built a plan for Expert HR that included onboarding all of the company devices into our IT management system, this system provides us with vital insights into the health of hardware – thus allowing us to be one step ahead of the next outage.
One of our first tasks was to migrate Chris onto a cloud based email system – Exchange along with Microsoft 365 backup. This system provides seemless always in sync, email, contacts, calendars and tasks across all devices.
As Chris says “Not only has this made transfer of personal data more secure, it is quicker too and means we no longer have to carry heavy and expensive laptops to Clients as our IPADS are permanently synched, fantastic.”
Once migrated onto the Exchange platform we configured additional levels of security at source, Anti-Spam, Anti Phishing and Anti Spoofing rules.
Chris’s wanted a fresh and modern look for his shop front, he wanted a new website but didnt neccessarily want to spend thousands doing so. We provided Chris with some ideas, ranging in look and feel and swiftly settled on one design route. We’ve empowered Chris with the ability to update his web content and have shown him how to do it.
You can see the working site here in all its glory and subtle animation and fades: http://experthrsolutions.co.uk/
We hope you agree that it communicates what can be quite a complicated subject with ease. Next steps will be to commence SEO optimisation so that ExpertHR benefit from more traffic via the internet – to date not something that has been required.
One of the core must haves for Chris was the ability to have a secure accessible anywhere portal for him to be able to share documents and updates with his customers. We built a portal where Chris can select who has access to what – right down to individual files. Again we taught him how to use it.
Nowadays its become almost vital to be all things to all customers all of the time. In theory this is not always possible but the more strings you have to your bow increases your compatibility with your clients, thus their experience of working with your business is the best it can possibly be.
At AnyTech we have a raft of skills inhouse that range from IT right through to website design and build services. Not to mention CCTV, VOIP, Hardware & Software Sales, Cloud virtual servers, Disaster Recovery services, Data Recovery services, Cloud backup and much more. You could say we are the small business one stop shop! Why not give us a call on 01202 460279 to see how we can help you or grab Chris at your next TBN meeting.
Business IT Services(Opens in a new browser tab)
There’s an age-old belief in the tech world that Macs don’t get malware. At AnyTech Solutions we know that isn’t true – Mac security firms uncovered new threats specifically targeted at Macs in June 2019, and notable instances of Mac malware have been uncovered in the past. But is it true that Macs are less vulnerable than Windows PCs?
Macs have a lot of built-in features that can be powerful tools in the fight against malware. These features come with every Mac by default, so is there really a need to install third-party antivirus software on your computer?
The belief that Macs are fairly resilient to malware is somewhat true. Windows PCs make up roughly 90% of the market, making them a much more attractive target to malware makers.
And Macs really do have some stellar built-in tools that protect you right off the bat. All Apple apps are sandboxed, meaning they can only do what they’re meant to do, without being able to access critical system infrastructure and settings.
But there are gaps in the armor that protect Mac users’ systems. Apple’s layer of security relies on adding quarantine tags to suspicious or outright malicious software, and this then prompts the warning dialogue you see when you try to open them.
“The nature of sandboxing on MacOS actually restricts antivirus software.”
What about the new security features in MacOS Catalina, launched recently. Apple says apps will require your permission before accessing your documents, desktop files, iCloud Drive and external drives, plus it’s promising greater security thanks to a dedicated system volume for the operating system.
However, the top experts still don’t believe these go far enough. Gatekeeper still won’t perform a signature check on non-quarantined apps on launch, meaning a malicious actor could tamper with a legitimate app and it would still be permitted to run on MacOS.
“By default, for example, [an antivirus app] cannot get access to most of the files on the hard drive. Even if you grant access to the entire hard drive, many of those files cannot be removed by an App Store app. This means App Store antivirus is less likely to be able to detect all threats and is also less likely to be able to remove all threats.”
Relying purely on Apple’s systems isn’t enough. For example, while Gatekeeper can block apps that originate from third-party or untrusted developers, it can easily be bypassed by the user with a couple of clicks.
While Gatekeeper gives you plenty of warning that ignoring its checks is a bad idea, it still lets you do it with relative ease.
The obvious conclusion seems to be that you should install antivirus software on your Mac, we recommend and supply ESET along with free installation which we perform remotely. But as we noted above, there are some important caveats, and it’s certainly not the only precaution you should take.
If your company manages data – in particular personal details, you need to be aware of changes in legislation that may affact your business and prepare methods and practices for securing data handling.
Given the rise of both Donald Trump and Theresa May, there’s never been more focus on regulations in recent memory. But the regulation that is starting to loom largest in the minds of business executives emanates from Brussels rather than Washington or London.
In a little over a year, the European Union is gearing up to implement its General Data Protection Regulation (GDPR) that requires all personal data collected by companies operating within the EU to be centrally managed under the auspices of a chief data protection officer—and regularly audited. Any security breach pertaining to any of that data must also be reported immediately.
But the GDPR doesn’t just stop there. It requires companies to gain explicit permission from individuals to use their personal data and honor all requests to be forgotten, which requires an organization to erase whatever data it may have pertaining to that individual.
Potential fines for violating any of these provisions are downright draconian. Based on the severity and number of violations, a company can be fined up to 20 million Euros or four percent of their annual revenue depending on which sum is greater.
A recent survey of businesses operating in Europe conducted by Osterman Research on behalf of CipherCloud, a provider of compliance monitoring tools, finds that only a little of over a quarter of respondents are confident they have the processes in place to manage data in a way that meets the requirements stipulated by the GDPR. Given the fact that those rules are set to go into effect by May of 2018, it’s little wonder that many organizations are starting to panic.
Historically, not many organizations would receive anything approaching a Good Housekeeping seal of approval when it comes to managing data. They typically have multiple copies of the same data strewn across the business. To make matters worse, much of that data consists of personally identifiable information (PII) data that winds up being accessed via any number of mobile computing devices that can easily go missing. Right now, the probability that most organisations will lose control over some portion of that data for one reason or another is exceedingly high.
Naturally, a large percentage of the businesses affected by GDPR are going to be looking to IT service providers to help them get their data sorted out. We can assist from implementing data management best practices and data encryption to setting up reporting tools and regularly conducting audits. Many organizations are likely to conclude that it’s both simpler and safer to rely on a managed service provider to perform these tasks on their behalf.
GDPR requirements go well beyond, for example, simply being able to recover data in the event it goes missing. Most of the organisations seeking external GDPR help will be looking for providers capable of delivering a comprehensive suite of data management and protection services. If you want to start preparing for the change or simply want to discuss your current data management or lack of please get in touch with us on 01202 460279.