Category: hacking

Hacking has become a generic term breaking into the system. Mostly aligned with digital fraud. It ranges from secretly assessing someones digital account to cyber attacks.

Your voice – the newest member of personal digital data.

Our vocal cords are now an instrument for the digital age. Our voice is transformed into digital content in two ways. Voice assist that allows you to active a device hands free. And voice security, uses your vocal cords as a unique identifier for a user.

Lets start with voice assist. Simply put it is a hands free device waiting for your next command. These devices can listen carefully and translate your speech into text, assist in turning a device on or off, or taking dictation. It decodes the human voice without having to use a keyboard, mouse, or press any buttons.

As we fill our homes with appliances that are smart/connect via Wi-Fi or Bluetooth we give ourselves more freedom by providing the ability to control the device with our voice.

Technology has increased the confidence factor in understanding the intent of the request. Smart technology weeds out the ‘ums and hums’ from the dictation or command. Eliminating the unnecessary words, allowing people to speak naturally in a comfortable conversation with a device.

The most interesting and beneficial things about Voice Assist is the ability to be hands-free. We can now turn lights on/off by shouting across the room, instead of walking over to the wall switch. We set kitchen timers with our voice when our hands are messy or full.

Voice assist tools (like Amazon Echo, Google Home Assist, Apple Siri & Comcast TV remote) use a wake word to activate the beginning of a request. A wake word is a word that signals the device become active and is followed with a request. For the Amazon Echo, there are a handful of wake words the factory installs, you pick one during the set up. The most popular is “Alexa.” A typical request may be “Alexa, what time is it?” She will respond with an answer.

These devices are always on, waiting for the wake word. And like any connected device, there are security factors to address. If the device is always listening, the bad guys can also hack into the device and listen, without your knowledge. Similar to a baby monitor.

And if the device controls other home applications is the possible the hacker can gain control and manipulate the gadget.

To continue to protect yourself, always reset the factory passwords in any device. This may not prevent all hacking but make it hard for them to access your personal devices.

If you are wondering what data is stored, Amazon states the only history recorded from the Echo devices are requests and answers provided by Echo. To date, Amazon has stated that they have not released any access of anyone’s Echo activity to the government. Amazon reports it only stores the data accessed by its cloud-based storage system and does not consistently record or listen when not in use. However, in theory, a government agency could request a warrant to listen in even before you use the wake work.

Another use of your voice becoming data is thru biometrics. Biometrics is the means of verifying a personal identity thru physical characteristics, much like a fingerprint or retinal scan, your voice can be used as an identifier.

Voice security systems store your voice print data similar to a fingerprint and can be used to authorize or verify an individual. It is another form personal identify, much like a drivers license. It can distinguish similar voices from one other. Banks have been using voice recognition as a second step validation process for clients over the phone for over a decade.

Today voice assist devices do not use your voice a security mechanism. But they are getting smarting, providing the ability to distinguish between different voices in a household. So that when you ask it to “read my horoscope,” it knows who is asking and reads the correct zodiac sign.

To keep your voice assist devices safe:

    • Know what devices are always on, and always listening.
    • Watch what you say around a voice assist device.
    • Change all factory passwords on all devices.
    • Give each device a unique password.

What is PII (Personal Identifiable Information)

United States General Services Administration defines PII as

“any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.” So, for example, a user’s IP address as used in a communication exchange is classed as PII regardless of whether it may or may not on its own be able to uniquely identify a person.

Why is this important to you:

A company as the obligation to keep your name safe and secure from thieves (crooks, hackers, the bad guys).

Depending on the type of information lost/stolen, an individual may suffer social, economic, or physical harm. If the information lost is sufficient to be exploited by an identity thief, the person can suffer, for example, from a loss of money, damage to credit, a compromise of medical records, threats, and/or harassment. The individual may suffer tremendous losses of time and money to address the damage. Other types of harm that may occur to individuals include denial of government benefits, blackmail, discrimination, and physical harm.

Because of the power of modern re-identification algorithms (aka data science), the absence of PII data does not mean that the remaining data does not identify individuals.

Home devices and your digital data.

NOTE – there is no way I can list every device that collects data in your home. But I’ll list the ones I use.  You can add or delete to your list.

A digital device is one that has memory, via hardware/software. The memory can be local/internal or connect to external services via wi-fi, blue tooth, etc.

Data stored can be all sorts of information. From how often it is on to what settings. Something simple would be your home thermostat. If it may have connected to a website or mobile app.

  • My iPhone. Any smart phone.
  • My iPad. Any tablets, game consoles, laptops.
  • AT&T Digital life – aka my alarm system. Depending on the various components connected to your system, it knows when you are home, how often you leave the house. Commonly used doors and windows.
    • Don’t let your guard. The alarm system is for my physical wellbeing. Which has a digital component, a website and app. So I only have cameras on the outside of the house. I also keep a sticker over my cameras on my MAC, laptop and tablets.
  • At&T internet and cable TV, And all streaming entertainment (Hulu, Netflix, YouTube). They know when you are watching, how long you are watching, what time you are watching, type of device you are using.
    • There are some viewing devices that use voice commands and motion sensor, and would be able to determine when the room is occupied and the activities.
  • My Buick and OnStar. Besides the GPS information, where you go, how often and when, your vehicle’s diagnostics system collects; tire pressures and other engine conditions.
  • Alexa (aka Echo). This devices is always on and listening. FYI – all request you make to Alexa are captured in history within the Echo app (accessed online). Echo is an Amazon product, marring online shopping and at home activity into an individual’s profile.
  • GoPro and other digital cameras/videos. Time and location are stored in the memory with the photos. A camera that uses 35 mm film may have some memory within the camera software itself.
  • Printers. Did you know that trapped deep in the printer memory is a copy of everything that has been scanned and printed. There is a tiny memory chip that compresses the files to achieve. This chip allows the system to recall the last X copies and other fun features.
  • FitBit and other health monitors.
  • Craftsman Garage Opener. Wireless keypad and accessible via mobile app.
  • Roku
  • Wii and other gaming consoles.

That is a good list, considering I claim to be low tech (maybe I’m medium tech). I’m not an early adopter, but I am curious. It takes me time to commit to purchasing new tech gadget, but I do have a collection of digital devices.

You may have a baby monitor, automatic vacuum, anything that connects to a mobile app, website or router.

 

Autonomous vehicles

When you think about an autonomous car what do you picture in your mind? Something like the Jetsons or KITT form Knight Rider.  When we talk to our friends and co-workers about autonomous cars – the conversation gets heated. Some against it, are for it, some think they will never see it happen. What does autonomous really mean? Automated? Self-driving? Handsfree? Does it pick up your Starbucks before you?

Well we know autonomous cars  are vehicles that are capable of sensing its environment and navigating without human input. And I believe the number one selling point for an autonomous car is the safety factors. But I’m still not sold that in my near life time (2020/2025) there will be 100% autonomous communities. We have different ideas of what to expect out of autonomous and transportation. My vision is more like the Jetsons. Flies through the air and is quick.

Are you thinking about how an autonomous car would affect your life?

Changes to our neighborhoods:

  • What happens to our garage attached to our house? Parking structures and handicap parking spaces?
  • Are they fuel efficient & environmentally friendly?
  • Do they just appear and dis-appear as needed?
  • Does it eliminate Valet parking?
  • Are they self charging?
  • Truck drivers?

Vehicle Ownership

  • Does everyone car-share?
  • Can an average individual afford their own autonomous vehicle?
  • Will there be as much as an emphases on customization of  vehicles?
  • Will it create value in the collector cars – ie ’66 vet?

Respondents to an independent survey were found to be most concerned about software hacking/misuse, and were also concerned about legal issues and safety.

Sensors and data will play a part in the infrastructure designed for autonomous cars. 2012, Computer scientists at the University of Texas in Austin began developing smart intersections designed for autonomous cars. The intersections will have no traffic lights and no stop signs, instead using computer programs that will communicate directly with each car on the road.

But even after all the technology is built, we have rules that conflicts with innovation. The Vienna Convention on Road Traffic This international treaty, designed to facilitate international road traffic and increase road safety, was agreed upon at the United Nations Economic and Social Council’s Conference on Road Traffic in 1968 and came into force on May 21, 1977 (http://www.unece.org/trans/conventn/ crt1968e.pdf). The convention states that “Every driver shall at all times be able to control his vehicle,” which conflicts somewhat with the automatic control concept. Systems such as antilock braking systems or electronic stability programs are acceptable because they do not take full control of the vehicle but rather help the driver to follow a desired path, possibly in situations where control of the vehicle has already been lost. Wider use of technological advances, however, will require amendment of the convention.

Identity theft

password

With the use of digital data – we expose ourselves to digital identity theft. And it is not just your financial information. Through a  couple of (fairly) easy questions a hacker can access your email. And it not just your email they now have access too, think off how often you have had to retrieve your security password for an account and they sent the link to your email. A password can be just as valuable as a financial account number to a hacker.

HOW MANY TIMES HAS YOUR DIGITAL DATA BEEN EXPOSED?

My corporate credit card number was stolen this week. All is okay, it was a card that only gets used for business expenses and the credit company is issuing me a new number and dealing with the fraudulent charges themselves. Somehow the thief was able to create a new card using my card number. Not total sure how that works, but it happened. That kind of vulnerability got me thinking, time to beef up my own security…

  1. Change your passwords. If you have been using the same passwords for ‘years’ it is time to upgrade. When you are creating your password think bank security – strong and unique.

There are password managers out there. Some store your passwords in a digital safe. Some help you manage your logins across devices.

LEARN ABOUT TWO FACTOR AUTHENTICATION

2. Monitor your accounts online and off line. Be sure to monitor your account statements. Set up text messaging alerts for high risk accounts.

I personally purchase identify theft monitoring systems. I’ve had my house broken into and my personal laptop stolen. Although the computer itself was password protected. I’m sure if you looked hard enough I had one time downloaded a financial statement of two, and my emails accounts were ‘always’ logged-in.’ I get a monthly updated on an activity that uses my identity, such as credit reports.

ON AN ODD NOTE: A friend of mines knows the passwords to her son’s accounts (he is over 21 and graduating from college this spring). I’m guessing he doesn’t know he is being stalked by his own mother. She has access to his Facebook account, both school and personal emails and uses Apple’s Track My iPhone app regularly to know where he is at all times.

It is probably never safe to allow your device to safe your password or auto login. But I have to admit I do it, who has time to re-enter this information every day. If your device is lost/stolen it only takes accessing the device to enter/access private sites.

So take a couple of minutes this week to reconsider how you create and save your password and account information. And then create your password strategy:

  1. Create a couple of different passwords to use.
  2. Use two factor authentication when available.
  3. Update your contact details on old accounts.
  4. Delete old accounts not being used.
  5. Spend some time looking at security applications provided by the products you use today.

Yahoo has a process to create an app password that enables a Second Sign-In Verification. Apple has iCloud Keychain. And there are numerous free apps that provide password management tools.

Now go and create a digitally secure world for yourself.

Your car, your car’s data and you.

Today’s vehicles  are collecting data, whether it is validating that the vehicle is operating to standards, monitoring the drivers’ habits, or providing navigation. Some of this information is required by federal law and some is personally data to help you maintain your vehicle.

DATA REQUIRED BY US LAW

Clean Air Act Amendment 1990:

The EPA requires all vehicles built after 1996 must have On-Board Diagnostics (OBD). And newer vehicles have standardized computer systems (also known as OBDII). These continually monitor the electronic sensors of engines and emission control systems, includingClean Air buttons the catalytic converter, while the vehicle is being driven to ensure they are
working as designed.

Each OBD system is required to collect standard information that provides all current information and a snapshot of the same data take at the point when the last diagnostic trouble code was set.

National Highway Traffic Safety Administration (NHTSA):

Also collected driving information is the Event Data Recorder (EDR), similar to an airplane’s black box.  The EDR monitors the vehicle’s network of sensors for signs of a crash and stores a few seconds of the data stream, dumping and refreshing the information constantly. The type of information collected in the EDR varies among manufacturers, but it generally includes throttle and brake-pedal position, steering angle, yaw rate (the vehicle’s rotational velocity), speed, and impact-sensor data. This information is saved permanently following an airbag deployment and can be accessed through the OBD-II port by a technician using specialized equipment. No location data is stored in EDR.

EDRs have been used since the 1990s and have recently been standardized by the National Highway Traffic Safety Administration (NHTSA). EDRs are required equipment on all cars beginning in 2013, with the aim of making their data easier to obtain for crash investigations. Lawyers have used this data in court cases to demonstrate driver behavior during an accident.

EDREDR data

Non-regulated data from your vehicle

The diagnostics systems actually has open the field to collect all sorts of vehicle information. Allowing each manufacture to define additional modes for vehicle data collection. A modern car knows hwere you are, is constantily tracking your driving habits and may even be able to call for help if you have a crash, or your airbags deploy.

Though not part of the EPA’s OBD II standard, the diagnostic read-outs used by dealership technicians are also read through the OBD II connector. These service codes show you such things as knock sensor operation, FI pulse width, ignition voltage, individual cylinder misfires, transmission shift points and ABS brake condition. There can be over 300 readings available, depending on the vehicle manufacturer and model. Vehicles vary in the readings they will support. Scanners vary widely in the number of these signals that they can read. Some show just the basic OBD or OBD II signals, others show the full range of service codes.

Image result for dongle for your carThis is the type of information that can be gathered by the auto insurances via a ‘dongle‘, (see image). Think of this a Fitbit for your car: it measures input, output, distance, etc. A combination f the OBD and 2-way communication, the system lets companies like OnStar read the data and create reports about the driving history.With the help a hardware adapter and a mobile app, you can read the vehicle data your self.

This dongle is connected to your OBD port and records your driving experience: speed, breaking  habits; it will read any data the vehicle is collecting. It can tell if you are wearing your seat-belt, how many hours the car is driven, what hours it is being used and the locations it visits.

  • Shows real-time data. You can see everything from how fast you’re traveling, how hot your engine is, the voltage of your battery, and a bunch of other information that most people don’t really care about as you drive.
  • Maintains trip history. You can see a history of your trips and all the accompanying data, including how long the trip was, average mile per gallon.

Most navigation systems are separate from a car’s computer. Now a days manufactures are adding features to vehicles such as providing GPS; which can collect your routes, frequently visited locations. Most vehicles have a one-way GPS system streaming to the car. But with the additional of telematics systems in the car (think OnStar), 3rd parties now have the ability to see where you are, your driving speed. and what state your care is in mechanically.

If you think your mobile phone is the only device collecting your location, think again. Your Vehicle has the same data collection services as your smart phone (gaming console, smart watch, Go-Pro camera).

What can you do about the tracking for a new-car buyer?  Not much. Pay close attention to the terms in the user agreement for any telematics (cellular connection), and opt-out of the service.

The more you know about YOUR DIGITAL DATA the more you can control.

Here is what one OEM says:

We receive information about you through vehicle sales records provided by your dealer and we may obtain, with your consent, data obtained from your vehicle’s Event Data Recorder (“EDR”) as described in your owner’s manual (i.e., how various systems in your vehicle operate, the speed and distance of your vehicle). For additional information about EDR data, please see your owner’s manual. We also may obtain information about you and your vehicle from GM affiliates, GM dealers, GM licensees for consumer merchandise, GM credit card bank partners and other sources such as companies that provide lists of potential vehicle purchasers and current owners, if such companies are permitted to share your information with us pursuant to their privacy statements.

It’s becoming apparent that vehicles also collect a lot of interesting data on drivers themselves, placing their privacy at risk. Senator Markey found that most manufacturers collect data on customers, but often drivers are “not explicitly made aware of data collection and, when they are, they often cannot opt out without disabling valuable features, such as navigation”.

 

 

 

 

How many times has YOUR DIGITAL DATA been exposed?

The New York Times: How many times has your personal information been exposed to hackers?

The NYT has put together an interactive assessment tool to highlight a problem that a reader may only passively consume.

  • Participants answer a series of questions about jobs they’ve applied for, online services they’ve signed up for, who their health insurance providers have been, and at which retailers they’ve used credit or debit cards.
  • As they do that, the assessment tool dynamically updates a tally of how many times different pieces of the participant’s personal information have been exposed to hackers.

It makes the story come alive — and makes it very personal to each reader.

  • At the end of the assessment, The New York Times gives you links to both the stories they’ve published on each individual hacking and, more importantly, links to the announcements from the companies that were hacked, which often include remediation options for those affected.