Tag Archives: bluetooth

National Cyber Security Awareness Month – Beware of Skimmers!

Lets face it; technology is everywhere in our daily lives. So much so that we have gotten to the point where we use it without a thought. Hackers and thieves depend on a certain level of laziness to victimize people using card skimmers.

Everyday millions of Africans-Americans pull out their debit or credit card and swipe it. We swipe it for gas, food, clothes, medicine, every conceivable purchase. But are we aware of how vulnerable your money, and even your financial life, is when you swipe your card?

One of the most prolific, and easiest,  cyber crimes is the use of skimmers. A skimmer is a small device that is almost invisible to the naked eye. It is placed inside credit card readers. When you swipe your card through the reader the device records the information on your credit/debit card and transmits it to criminals. These skimmers can be found anywhere you use a credit card. The gas station, a convenience store or even an ATM. As I said already, spotting these little devices is very difficult. Sometimes the thieves will mount a skimmer over a card scanner. Sometimes they can gain access to the machine and mount the device inside. These cyber criminals are so good that they can even build skimmers with key pads that record your PIN and you would never know you were using it.

Newer credit and debit cards have what’s known as the EMV or chip and PIN cards. These are much more secure because they transmit transaction data encrypted. But those are not 100% secure either.

After they get your information they may decide to empty your bank account or max out your credit card on a  shopping spree. Its calledcard not present fraud.”

So how do you detect a card skimmer?

If you investigate the device you can sometimes spot a skimmer. Here are a few tips.

  1. Look for tampering. Check the device for any sign that it has been tampered with. Check top, bottom and both sides of an ATM. Check the card reader and the keyboard.
  2. Does it look right? Do you recognize it? If it is your bank ATM does it look different, such as a different color or material, graphics that aren’t quite correct or anything else that doesn’t look right. Be alert and paranoid about any machine. 
  3. If you’re at the bank and there is more than one ATM compare them. Look for obvious differences between the two? They should be identical.  If not alert the bank and police immediately.
  4. Check that  keyboard. Is it too thick? Is it loose or just does not look like it fits right? There may be a PIN-snatching overlay. Don’t use it.

    Fake ATM keypad

    5. Push, pull, jiggle everything. ATM’s are pretty sturdy so it should feel solid. Card skimmers and fake key pads are installed quickly and if you pull on one it may come off in your hand.

6. Another good practice is to hide your hand when entering your PIN. Some hackers use tiny cameras mounted above the ATM to record your PIN. Use one hand to cover the other when entering your PIN.

A card skimmer can be anywhere. You need to be alert and look for any signs that something is wrong. Be aware of gas pumps that might have been tampered with. This is a favorite hacker target. Why? Because they have a high volume of traffic and are not closely monitored. A good crook can install a card skimmer in seconds and come back for it in a few minutes having collected data from several cards. He may do this at several gas stations in a single day.

But the criminal may not come back for the skimmer at all. In the past skimmers had memory chips that required criminals to come back and retrieve the device. No more. The newest skimmers can transmit the information via Bluetooth or text message to the criminals computer. They can install the skimmer and record for hours. And you don’t have to build these devices. You can easily buy these devices on the web where they are sold openly.

But you can fight back. Your smartphone can detect these Bluetooth skimmers. When you arrive at a gas pump or any location using a self-serve card machine whip out your smartphone and  go to settings. Turn on the Bluetooth and have it search for sources. If a you see a string of suspicious numbers come up do not swipe your card in that pump or ATM. Report it to the police and store management immediately.

There are also apps that can detect skimmers. Skimmer Scanner is currently available for Android phones and it can detect the presence of a skimmer on a card swipe machine. The Skimmer Scanner app checks for nearby Bluetooth transmissions and alerts you when one is detected.

Now you know.

Car Hacking is Real!

2016-bmw-7-series

2016 BMW 7 Series Sedan

As you know cars are more and more reliant on technology. Internet connected cars provide everything from GPS directions, to entertainment to monitoring how well you and your engine are performing. And anything connected to the Internet can be hacked.

Recently the FBI issued a public service announcement warning  that cars are increasingly vulnerable to hackers and are encouraging victims to report incidents. The warning  was issued jointly with the U.S. National Highway Traffic Safety Administration (NHTSA) and cautioned consumers and manufacturers to be aware of the risks of car hacking.

 Car hacking is real!  In July of 2015 a group of researcher demonstrated how  they could take control of a vehicle including braking and steering while it was traveling at 70 MPH.

Technological advancements in cars are simply amazing. On board computers control numerous vehicle functions including steering, braking, acceleration, lights and windshield wipers.  Cars also have wireless capability, including smartphone and  Bluetooth syncing,  keyless entry, ignition control, tire pressure monitoring, and diagnostic, navigation and entertainment systems; all vulnerable to hackers.  Many new cars offer autonomous systems for emergency braking and even steering. The new BMW 7 Series sedan allows the driver to release the steering wheel for up to 15 seconds. Audi  is offering a car that can drive in traffic jams and even find a parking space and park itself without the driver even being present. Not in the future, TODAY!

The FBI warned car owners that wireless vulnerabilities could be introduced by third-party aftermarket devices often used by insurance companies to monitor drivers. Devices likProgressive Insurance’s Snapshot come with Internet or cellular access and plug into your car’s diagnostics ports. These devices are an open gateway to automobile control systems.

The FBI and NHTSA urge consumers and manufacturers to take action to minimize the vehicular cyber security threats related to vehicle technologies.

Consumers are urged to maintain awareness of the latest recalls and updates affecting their vehicles. But criminals are also aware of these updates and it is possible criminals may exploit this delivery method. The FBI has warned that online manufacturer updates are vulnerable. Hackers using social engineering tricks could send an email messages to vehicle owners searching for legitimate software updates. These messages could trick them into clicking on links to malicious websites, opening attachments containing malware, or installing malware from USB drives. To minimize the potential risks vehicle owners should always verify any recall notices received, check on the vehicle manufacturer’s website to verify to if any software updates have actually been issued. Owners are warned to avoid downloading software from third-party websites, and use only trusted USB drives.

Is your car vulnerable? There is a list of the most hackable cars on the road available.

Breaking It Down

Cars have changed. All those wonderful luxuries you enjoy in your new car come at price that is a bit more than money. Hackers are not likely to take over your car trying to kill you. That is possible but not likely. But there is the danger of some childish asshole hacking cars for fun and creating a situation where someone  could get hurt or killed. It’s more likely a hacker will hack your keyless entry system to unlock your car to steal it or something out of it.  They could also potentially disable your car the same way they disable a computer and force you to pay to get your car back. It will probably happen and may already have.

When buying a new car with all the cool new technology you need to sit down with your salesperson and have a nice long conversation about your car’s security features. Make sure you understand how software upgrades are handled. Make sure you also understand how those driver monitoring things from the insurance company works. Another vulnerability you need to look out for is connecting your smartphone to your car via Bluetooth. Everybody has a few apps on their phones. Apps carry malware and one of those apps may interact with your car in ways you were not expecting.

The bottom line is you need to understand more about your car than just keeping it on the road and operating the stereo and air conditioning. Those days are long gone. When shopping for a car do your research and know what technology you are getting and how secure it is. 

Hack My Ride

2015 Escalade

2015 Cadillac Escalade named one of the most hackable cars.

Car hacking is real and the day is coming when “hack my ride” will not sound so strange at all.

There is nothing like a new car. Black people will tell you that a nice car represents success, pride and is as important as their wardrobe. A car is part of the image you want to project upon arrival.

But cars have changed. Gone are the days when a new car had to have a nice stereo, air conditioning a sunroof and plenty of horse power. Now cars have to have great gas mileage, luxury and plenty of technology. And that technology includes Internet connectivity making car hacking the latest cyber threat, 

Internet connectivity and access is rapidly becoming the norm and soon will be standard on most cars. According to Dailytech.com GM is joining with AT&T to provide Internet access in most of its 2015 model year vehicles using the LTE modem. The partnership will permit AT&T customers to add their car as another device on their current data plan. GM plans to make the service available this year. Chrysler has partnered with Sprint for its UConnnect Internet car connectivity.

Currently 23 million cars on the road globally are connected to the Internet in some capacity, according to research firm IHS Automotive. By 2020 that figure is expected to rise to 152 million.

Car experts and journalists believe that car Internet will be an appealing option for new car shoppers. Forbes magazine writes, “Today’s always-connected consumers already rely on high speed data connections in their vehicles, both for drivers and passengers, and the built-in connection offers distinct advantages: a more powerful antenna to improve signal quality, a constant energy source to power that connection, and an integrated design that is optimized for in-vehicle use.”

Cars are now coming ready from the showroom as WiFi hotspots. Black people are smart with our money so you don’t have to be rolling in money to buy a hi-tech car. The 2014 Dodge Dart offers WiFi connectivity with a range of 150 feet. Chevrolet Malibu will be introduced with a 4G hotspot functionality in 2015. The question is who would this vehicle option appeal to? The answer is people who work on the go. Many black business and sales people travel as part  of their jobs. A car with Internet connectivity truly makes that car an extension of their office if not the office itself. In addition there are plenty of other traveling jobs that will benefit from a full-time rolling WiFi. Parents traveling with children can enjoy a little peace while their kids enjoy  movies, games or texting in the backseat.

The new Chevrolet vehicles will also come with  pre-installed apps and the buyer can add their own as well. Standard apps include The Weather Channel, NPR and a car diagnostics tool called Vehicle Health.

Even Apple is getting in the game by preparing a new version of its iOS operating system to deliver iPhone apps and features to car dashboards.

But the same security principles apply to automobile WiFi that applies to your home or other mobile WiFi. You need to secure it using a good strong pass phrase and make sure it not easily identifiable by giving it a generic name.

European car maker Audi already offers Internet access in a number of its vehicles and BMW is also adding 4G capability to its cars. Detroit is definitely moving in that direction. Chrysler Automotive Group is teaming up with Sprint to enhance its Uconnect infotainment system on the Ram 1500 pickup and SRT Viper sports car.
Many luxury cars come with such features as Pandora Internet radio and voice activation features such as the Sync system found in Ford vehicles.

Tesla, a premium electric automaker offers a 17 inch dashboard mounted computer screen that contains a web browser.

Cars with Internet connectivity are here now and there is both benefit and dangers to this new feature. As I have said so many times before if it connects to the Internet it can be hacked. So car hacking is here to stay.  A recent list released by CNN Money reveals what are the most hackable cars on the road to day. The report showed that the 2014 Jeep Cherokee and the 2015 Escalade both have serious security weaknesses. Both cars are equipped with apps and Bluetooth and other connected features. The technology connects the car’s cellular features such as the OnStar system. Unfortunately this system is also connected to the engine controls, steering, brakes and tire pressure monitor system. The Toyota Prius which offers the AM/FM/XM and Bluetooth has a similar flaw.

The problem with Internet in cars is that security flaws in these cars could allow a hacker to take over the car. A hacker may be able to unlock the car to get inside or steal the car altogether. A malicious hacker could take over control of the car by hacking critical functions like steering, acceleration and braking. Other features in the car could also be hacked such as the instrumentation. Needless to say this could put passengers in grave danger at highway speeds.

Don’t take car hacking lightly. In a recent cyber warfare exercise an Army convoy was disrupted by a cyber attack that told the vehicle engine to shut down because the tire sensors were hacked and programmed to report all tires were flat.

In response to potential security flaws automaker Chrysler Jeep said in a statement, “Our vehicles are equipped with security systems that help minimize the risk from real-world threats…Chrysler Group will endeavor to verify these claims and, if warranted, we will re-mediate them.”

Cadillac also responded by saying; “The report does not mention many new security features and mechanisms installed in the Escalade, and its description of the vehicle’s electronic system is not fully accurate.” Cadillac also pointed out some security features “…are private and not accessible to researchers (or thieves).”

What are the most hackable cars? According to Wired.com the top five most hackable cares are:

  1. 2014 Audi 8
  2. 2014 Honda Accord LX
  3. 2014 Infinti Q50
  4. 2010 Infinity G37
  5. 2014 Jeep Cherokee

Wired’s list actually includes twenty vehicles and most of them are 2014 models and the 2015 Cadillac Escalade is included as well.

Technology in cars is not slowing down. The U.S. Department of Transportation and the National Highway Traffic Safety Administration recently approved the V2V communication systems or vehicle-to-vehicle system. Regulators believe that the system will improve safety, reduce  accidents and smooth the way for more connected cars.  Anthony Foxx,  Transportation Secretary, said V2V technology could improve safety for motorists in the coming years in much the same way that seatbelts and airbags did.

V2v is a system where cars on the road communicate with each other and could potentially notify one another when an accident is imminent. The technology could apply the brakes to help prevent or mitigate the collision. Currently Mercedes-Benz offers the most sophisticated collision avoidance system capable of warning of an imminent collision and bringing the car to a complete stop. Other safety features that are coming to cars include pedestrian detection systems and external airbags.

Audi, Volkswagen, BMW, Ford, General Motors, Honda and Toyota and nearly every other car maker is developing some form of V2V technology. German automakers have already begun a pilot program that combines V2V with vehicle-to-infrastructure technology.  This technology permits cars to communicate with each other as well as traffic signals. GM is studying the possibility that V2V systems could identify pedestrians by picking up their cellphone’s wireless signal and alerting drivers.

The average car have as many as 100 computers on board. These computers control everything from the efficiency of the engine to the environmental control to the steering and brakes. Now granted a lot of the older computers are not capable of receiving radio signals from outside the car. But with the emergence of WiFi and cellular technology more and more cars are able to receive outside data.

We have to accept that with this new technology there is the issue of auto hacking and black car buyers need to become more aware of the security vulnerabilities of our car’s technology. If you are shopping for a new car and want these options  you need to know what security is in place to keep you and your family safe. Because someone could hack your ride.

Now you know.

 

 

 

Internet Spying: Your Home is Full of Snitches

ID-10050037

Courtesy of Image go

A lot of African-Americans are going to be extremely surprised by what I am about to tell you. Your home is full of snitches. Everything in it is spying on you. And not just your home. Your car is a snitch as well.

Black people are extremely averse to having our business in the streets. We believe in minding our own business and reminding you to stay out of ours. But we live in the information age and things have become very open and complicated. Technology has gotten to the point where you can’t do much or anything or go anywhere without someone knowing exactly what you are doing. 

AACR Rule #11, Information is the currency and commodity of the digital age.

Let’s look at the devices in your home that are telling your business.

1) Televisions – Black men love a big screen television with all the tricks and features. You gotta have it to watch the game. But these new smart TVs can and do track what you watch. Electronics manufacturer LG makes televisions that not only spy on what channels you’re watching but sends the names of files on thumb drives connected to the set back to LG. Hackers can also hack some models of Samsung smart TVs and use them as instruments to steal data from your network and all the devices connected to it. And are you ready for this? Hackers can even watch you through the webcam built into the television.

2) Your DVR/Cable-Box/Satellite-TV ReceiverNow even if your television is not spying on you then your cable box may be doing the job. Those set top boxes do more than bring you cable television. They can also provide your Internet service. So everything you watch on television and do online is recorded somewhere. Cable providers can track what you are watching and recording. They use this information to target ads more efficiently. Did you read your service contract? You may have agreed to allow the cable company to sell this information and even turn it over to the government.

3) Kitchen Appliances – Yeah; the newest refrigerators and other high tech kitchen appliances are connected to your home network allowing for great convenience and energy savings. But there is a catch; spying and security risks. So what can a kitchen appliance tell someone about you? How about when you wake up in the morning. That connected coffee maker is a snitch. If you have a refrigerator with a barcode reader it will tell someone your shopping habits. Smart kitchen appliances have had known security vulnerabilities for some time now. Can you believe there is a documented instance where hackers were using a smart refrigerator in a malicious email attack. I’m not joking! Hackers successfully used a smart fridge to send out malicious emails.

4) Cell Phones – If this comes as a surprise to you then you clearly have not been paying attaention. Your cell provider may be following your everymove, call and text. This information includes whom you communicate with and your location. This also includes the various apps you load on to your phone. Haven’t you heard about Angry Birds That and other apps may track other more detailed activity. Some apps will sync your phone contact list with the app the providers’ servers by default.

5) Your Webcam or Home Security Cameras Malware on your computer can operate your computer webcam  and record you or your family. That’s right. That webcam may be busy taking photos or video and you think the camera is off. Some notable people have found themselves the target of blackmail from a hacker who captured compromising images. Miss Teen USA was blackmailed by a hacker who took control of her laptop’s webcam. The hacker photographed her naked and demanded more images. Your home security cameras are vulnerable as well. Malware on computers could intercept transmissions from your home security cameras. These cameras are attached to your network and allow you to watch your homes from anywhere. Once hacked a criminal can see you’re not home or, more frightening, who is at home.

6) Your Telephone – You got the bundle right? Phone, internet and television service all in one. All using your home network and router. Easy pickings especially if you have not changed your router default password. Look at your phone bill. Every call, every number you dialed and every incoming call is listed and how long you were on the call. Its all there. And the provider has it too. See #1 & 2.

7.)  Lighting, Home Entertainment System, Home Security System – Can you turn on the lights from your cell phone? Open the garage door? What about your home alarm system? All these things are controlled via the Internet. Very convenient.  But ask yourself if this information is available to outsiders?  Is your security company recording your coming and going? What about your home entertainment system? Do you have a DVD player that streams Netflix? Do you stream music over your home stereo? This information is  relayed to manufacturers of the equipment as well as the supplier of the music or programming. Remember that anything that connects to the Internet can be hacked.

8) The house thermostat (s) Internet connected thermostats are now on the market. These devices provide convenience and energy savings. And the energy companies learn your habits and preferences. Google’s recently purchased the Nest thermostat maker. And keep in mind that Google is a notorious information collector. Your utility company may offer comparable devices to help you save on your energy bills. But what else is that thermostat or better versions that are sure to come telling your utility company?

9) Your Medical Devices This should definitely shock you but its not anything new. Medical devices such as pacemakers, insulin pumps, and other medical devices can and have been hacked. But even if they have not been hacked these devices may still be spying on you. Some pacemakers can transmit patient status information over the Internet allowing the doctor to monitor the patient.  Could this information be intercepted? What if a hacker transmitted phony information to the doctor? Also known as a man-in-the-middle attack.  And please forgive me thinking like this, but what if a hacker took control of a pacemaker or insulin pump? Would that be the perfect murder?

10) Your car – You have GPS don’t you? What about Bluetooth? Pandora radio? What about EzPass or other toll taking devices? Wherever you drive you can be tracked. Cars are the latest target of hackers because more and more come with Internet connectivity and some even act a WiFi hot spots. But what about how you drive? Some insurance companies are now offering devices that track your driving habits in exchange for insurance discounts. Progressive insurance uses a device called a SnapShot. It tracks your driving habits for 30 days and then adjusts your rates accordingly.

11) Your gun! – America loves its guns and it seems everyone has one at home. Is this a privacy issue? As firearms technology advances we may see the day of the  “smartgun.” A weapon that is computerized with various safety features meant to prevent accidents and unauthorized use. Such as by a child or someone other than the owner. Look for these on the market soon.  But can these devices be used to spy on the owner? Can the gun be remotely disabled by a hacker or law enforcement? Would the government be interested in such a high tech measure? Could a citizen or criminal be tracked by following his gun? Could a stolen firearm be tracked or how about illegal gun sales. And what would the NRA say about it? Stay tuned!

Now You Know

 

 

 

Watch Out For Card Skimmers

Watch out for card skimmers. African Americans need to be on the look out for trouble no matter where they are. And using your credit or debit card is no different. Card skimmers are sneaky little devices that can hide on an ATM machine, gas pump or anywhere you use your card.  Krebs On Security has an excellent article about card skimmers and everything you need to now about them.

But what you want to know is how to avoid them. It is possible to spot a card skimmer and avoid getting robbed. And like a lot of things in the cyber world African-American should educate themselves to whats happening.

Lets start with what a card skimmer really is. A credit card skimmer is a portable electronic device that easily attaches to the front of or on top the actual scanner on ATMs, gas pumps, or any standard card reader. Point of sale or POS devices your see in stores are also card scanners. The skimmer is programmed to passively record your card data when you insert your credit card into the real scanner.

These skimmers are temporarily attached to gas pumps, ATMs, or other point of sale terminals. Thieves  like gas pumps and ATMs for two simple reasons. They are easy to retrieve and they get a lot of traffic. A thief needs only seconds to attach the skimmer and just as quickly can retrieve it.

Over the years skimmer  technology has become cheaper and more sophisticated as have the thieves. Thieves have used skimmers in concert with tiny cameras to record your PIN number along with the data on the magnetic strip. If they don’t use a camera thieves have gone as far as to attach  another key pad over the legitimate one to capture your PIN.  The fake pad records your PIN number while passing your PIN to the real keypad beneath it. Now let me teach you how to avoid this cyber scam.

First of all, and this is pretty simple, avoid any ATM, gas pump or other POS that does not look right. Trust your instincts because some gas stations are shady to begin with and anyone can set up their own ATM machine anywhere. You don’t have to be a bank. Bet you didn’t know that? If it doesn’t look right then keep it moving.

 Inspect that card reader and the PIN pad thoroughly.

Pull on it. Try to take it off. It may come off in your hand. Skimming devices are designed to be temporary so they can be easily removed by a thief. They often simply just walk by and snatch it off in an instant.  Check and see if it looks like the other card readers and key pads. Banks and merchants understand that skimming is on the rise. Some might have a picture of the slot and pad so you can see what it looks like. But I wouldn’t trust that either. Some really bold thieves have replaced the entire front of the ATM!

To see what some skimmers look like check out these examples of card skimmers so you’ll have an idea of what to look for.

I said earlier that skimming technology is advancing. Now thieves are using Bluetooth skimmers. These wireless devices connect directly to the pump’s or ATM’s power supply, and include a Bluetooth chip. The device transmits the card and PIN information to the thieves wirelessly. Thieves just pull up to the pump or ATM and download the information directly to a laptop.

Avoid using your PIN number at the gas pump.

When paying at the pump with your debit or credit card you sometimes have the option to use your card  as a credit or debit.  Choose the credit option.  This allows you to avoid entering your PIN for a camera to see or a phony keypad to record. And always, always be alert to strangers lurking nearby. Also when using your card as a credit card you only have to use use your zip code to complete the purchase. A much safer option.

Keep an eye on your accounts.

Black people don’t play when it comes to our money. So check your accounts regularly; like every 24 hours. The quicker you spot a fraudulent charge the easier it is to deal with. That means bank accounts and credit card charges.

Now you know.

For additional information on skimmers please visit;

The Verge: The tiny devices that steal credit card data are getting impossibly hard to detect.

Krebs On Security: The Rise of Thin, Mini and Insert Skimmers

Krebs On Security: All about Skimmers