Tag: #safetyandsecurity

Three easy ways to find hidden cameras in hotels and rental homes

Nearly 60% of Americans said they were worried about hidden cameras in Airbnb homes in 2019. And 11% of vacation home renters said they had discovered a hidden camera during a stay.

© Provided by CNBC

The number of hidden spy camera reports has proliferated because of the increasing accessibility and inexpensiveness of such cameras, combined with the public’s growing ability to detect them, said Kenneth Bombace, CEO of intelligence firm Global Threat Solutions.

Experts share simple methods to locate hidden spy cameras in hotel rooms and rental properties.

1. Conduct a physical search

When looking for hidden cameras, start with areas like bathrooms and bedrooms, Bombace said.

Airbnb hosts are allowed to have cameras in their houses, but they must inform guests and the cameras must not be placed in private spaces, he said.

Almost all covert cameras are concealed in household devices, such as lights, thermostats, and plugged clock radios, Bombace said.

“Look and see if anything looks like it’s out of the ordinary, and then inspect it closer,” he said.

Most spy cameras are connected to an electrical source or an electronic device, Bombace added.

He said the first thing he does in a bedroom is unplug the clock radios and put them in a drawer.

Michael O’Rourke, CEO of security consulting firm Advanced Operational Concepts, also said he does exactly that.

Even well-hidden cameras will have a small amount of reflective glass from the lens, Bombace said.

“If you use flashlights and shine them on something you think could possibly hide the camera, you will see a reflection in there, which is a pretty good way of detecting if there’s a camera,” he said.

But O’Rourke said care is needed to accurately locate hidden lenses.

“A lot of people will try to do amateur lens detection, which can work,” O’Rourke said. “However, if you don’t have a good search methodology — if you go too fast, if you’re impatient — you can miss quite a bit.”

2. Look at the Wi-Fi network

A hidden camera must be connected to a local Wi-Fi network in order to be viewed remotely, Bombace said.

Wi-Fi scanning apps like Fing can identify devices on the network that are cameras, he said.

Those who hide cameras might use a separate Wi-Fi network to stream live video footage, but Wi-Fi scanning apps can also detect how many networks are in a residence, Bombace said.

But Kody Kinzie, a security researcher at data security and analytics firm Varonis, warned that a network scanner may not catch everything.

“The next thing you can do is look for devices that are broadcasting their own network name,” he said.

He recommended using apps like WiGLE to find devices that are “broadcasting some sort of Bluetooth and Wi-Fi network name,” Kinzie added.

3. Buy a spy camera detector

If all else fails, spy camera detectors can scan for radio frequencies connected to hidden cameras. These can be easily bought online from websites like Amazon or AliExpress.

But O’Rourke noted this method works only if the hidden camera is transmitting data.

“So many of them now have SD cards that just store data to be retrieved after someone leaves,” O’Rourke said. “And so these are much more difficult to detect.”

What to do if you find a camera

After locating a camera, immediately disconnect it without damaging it because the camera’s firmware may contain identifying information, such as login credentials and the Wi-Fi network it was connected to, Kinzie said.

O’Rourke said hidden cameras found in hotel rooms should be reported to the front desk. He advised then moving to another hotel instead of requesting another room.

“Once you find a camera in a room, I wouldn’t trust any other room in that entire hotel,” he said.

Bombace also recommended reporting hidden cameras to the police, even if it is just for documentation purposes, in case litigation or criminal charges should follow.

“You could also provide [the report] to Airbnb so they can prevent this person from ever doing this again,” he said.

But ultimately, Bombace said, he would not avoid renting a home over fears of spy cameras.

“I would just take common sense steps to protect yourself. And realize you’re not in your own home,” he said.

Article by Chelsea Ong for CNBC©

Source: Three easy ways to find hidden cameras in hotels and rental homes (msn.com)

Hackers Exploit a Critical Chrome and Edge Vulnerability, Update Now to Fix It

I posted the Chrome story yesterday however, another browser, Edge, is also at risk. Edge is a Chromium-based browser and needs to be updated against new vulnerabilities.

Google, Microsoft

This vulnerability, called CVE-2022-1096, was reported to Google by an anonymous user or researcher. It appears to affect all Chromium-based browsers, including Opera and Brave. Details on the vulnerability are slim, as Google doesn’t want to share any information that may be useful to hackers

Both Chrome and Edge are supposed to update automatically. That said, you should paste chrome://settings/help or edge://settings/help in your address bar to see that you’re running version 99.0.4844.84 of Chrome or version 99.0.1150.55 of Microsoft Edge.

Source: Google via Forbes and reviewgeek.com/

Google Issues Massive Warning To Users Of Chrome

Google confirmed a plethora of vulnerabilities on their Chrome browser Tuesday, many of which pose a “high” threat level to users.

© REUTERS/Dado Ruvic/Illustration

Thirty different security issues were discovered in Chrome, which impact users of Windows, macOS, Linux, and mobile devices, according to a blog post shared Tuesday by Google. A majority of the information on the vulnerabilities is not being shared by the technology company, as is standard practice with the organization, Forbes reported.

Use-After-Free (UAF) attacks appear to be the best method for breaking into Chrome, Forbes continued. A UAF attack is a memory exploit and has broken through Chrome security more than 65 times since the start of the year, the outlet reported.

Chrome is likely vulnerable to a new type of “zero-day” hack, according to Forbes. A zero-day hack means that the vulnerability in a platform is known to hackers before Google, or any company, can deploy a fix. At present, every Chrome user is vulnerable to this type of hack, the outlet noted.

Google is set release an update in the coming days to fix the bugs that make these hacks possible. Users can manually update their browsers by using the setting feature if they don’t want to wait for the update to go through automatically, the outlet continued.

Research on hacking suggests that passwords of any type under seven digits can be broken instantly, the Daily Mail stated. Those passwords with eight characters can typically be guessed in under an hour, the report continued.

Article by Kay Smythe for The Daily Caller©

Source: Google Issues Massive Warning To Users Of Chrome (msn.com)

5 Home Security Systems Vulnerable to Hackers

Several popular DIY home security systems can be disabled with nothing more than a laptop and a device the size of a walkie-talkie.

That’s the concerning finding in recent testing from Consumer Reports. Using a technique called a “jamming attack,” thieves can block wireless signals from doors, windows and motion sensors, which lets them enter your property without setting off an alarm.

CR cautions “owners of these systems needn’t panic” because jamming attacks are not very common. But if that’s small comfort, here’s a look at which security systems failed the test and which held up.

©Joni Hanebutt / Shutterstock.com

The most vulnerable home security systems

Two home security systems performed worst in Consumer Reports’ tests of their ability to withstand jamming attacks:

  • Cove Home Security System
  • Eufy 5-Piece Home Alarm Kit

In addition to low ratings on jamming attacks, both of these systems are vulnerable to another kind of hack called “replay disarming.”

This technique involves copying the wireless signal from a keyfob used to disarm your alarm. Consumer Reports points out this is more difficult for thieves to pull off because they would have to be nearby when you are entering the house to capture the signal.

The publication also shared its findings with the alarm makers so they can work on fixing it.

Other vulnerable home security systems

While not performing as poorly as the Cove and Eufy devices, three other systems fell to jamming attacks in tests:

  • Abode Iota All-In-One Kit
  • Ring Alarm Security Kit (second generation)
  • SimpliSafe The Essentials SS3-01

The least vulnerable home security systems

These brands withstood jamming attacks and replay attacks from Consumer Reports:

  • Blue by ADT
  • Ecobee
  • Honeywell Home
  • Kangaroo
  • Ooma

What it means for you

While Consumer Reports says these kinds of attacks are not common, you can still take steps to protect yourself.

Don’t advertise what security system you use with yard signs and window decals. That’s essentially telling thieves which instruction manual they need to look at to hack your system. Instead, use generic signs or decals as a deterrent.

Article by Brandon Ballenger for money talks news©

Source: 5 Home Security Systems Vulnerable to Hackers (msn.com)

6 Ways to Stop Hackers From Emptying Your Retirement Accounts

There is a growing threat to your retirement savings, and you probably are not aware of it. Thieves increasingly are targeting individual 401(k) accounts by impersonating the account owners so the crooks can steal thousands — or even hundreds of thousands — of dollars.

© Nicoleta Ionescu / Shutterstock.com

You might think that the 401(k) plan itself would be responsible for reimbursing the funds it released in these situations. But that’s not necessarily the case. As the WSJ reports, federal law is murky about who is responsible for losses associated with cybertheft. While custodians generally pledge to reimburse such fraud, some may include slippery language in their terms that can leave you in the lurch.

Even a company as respected as Vanguard says, “if there’s evidence you neglected to reasonably safeguard your account, further investigation may be necessary to determine whether we can issue a reimbursement.”

So, what can you do to protect yourself? The following steps will go a long way toward keeping your retirement savings safe.

Create ridiculously strong passwords

How strong is strong? Eight characters? How about 10 characters?

Try at least 16 to 25. That’s what the folks at LMG Security — which provides cybersecurity and digital forensics services — recommend. Other experts agree.

LMG says its penetration testers can break down an eight-character password hash — a scrambled version of the password — in anywhere from less than eight hours to about seven days, depending on the nature of the hash.

It would take a bit longer to crack a 16-character password hash — up to more than 147 trillion years, although LMG notes that “well-funded malicious actors” likely could do so more quickly.

Use password managers carefully

Password managers provide a great service, and they have a solid reputation for keeping your information secure. But a detail in the WSJ story might give you pause when considering whether to use a password manager.

Alight Solutions, a 401(k) plan record-keeper, says 401(k) plan participants who give passwords to third-party services that aggregate passwords or financial-account data might not be reimbursed if “our investigation determines that a fraud event is traceable” to such a service, the WSJ reports.

(Alight Solutions is the 401(k) plan record-keeper that allegedly released Bartnett’s $240,000 to the fraudster who attacked her account.)

That means you might be out of luck if a data breach that led to the theft of your identity can be traced back to your password manager. So, at the very least, you should choose a password manager very carefully.

Don’t use text-based verification

Two-step verification, also referred to as two-factor authentication, adds a layer of security to your online accounts. Instead of providing just a username and password to access your account, you must also provide another piece of information you have, such as a code sent to your phone via text message or an authenticator app.

This extra step makes it harder for a crook to access your retirement account or any other account for which you set up two-step verification. But if you have verification codes sent by text message, it’s possible for a fraudster to bypass this security measure.

The scammer does this by calling your cellphone company, pretending to be you and asking the provider to change the SIM card associated with your phone number to a SIM card in a phone that is in the scammer’s possession.

Think it can’t happen to you? It happened to former Twitter CEO Jack Dorsey when a crook took over Dorsey’s Twitter account.

For this reason, security experts recommend two-step verification that relies on an authenticator app over verification via text messages. Examples of such apps include Microsoft Authenticator and Authy.

Use a separate, secret phone number

This is tough — but necessary — medicine.

Just as a crook who knows your phone number can impersonate you and convince your cellular provider to make changes to your cellular account, a crook could call a financial services provider and impersonate you in an attempt to access your retirement account.

One way to thwart this type of identity fraud is to give your financial services provider a different phone number that you keep secret by not using it for anything else. Sound like overkill? Remember, a good chunk of your life savings could be at stake if someone is able to dip into your retirement account and clean it out.

Set up an online account with your plan provider

Ben Taylor, a consultant at investment-consulting firm Callan, tells the WSJ that by exercising the option to set up an online account, you beat the crooks to the punch. As he puts it, “unclaimed online accounts are easier for impersonators to take control of.”

In other words, if you have the option to set up an online account and you take advantage of it, an identity thief can’t open an account in your name and then take control of it.

Consider spreading retirement money across multiple providers

There are good reasons to keep all of your retirement funds with a single financial services provider. Not only is it more convenient, but many providers will cut you a break on fees or offer other perks as you accumulate more money with them.

But there is also a risk: If all of your money is with one provider and a fraudster gets hold of that account, you could be wiped out, even if the money loss is just temporary.

By having some of your retirement money — say, your individual retirement account and health savings account funds — with a separate provider, you will at least reduce the risk that you could lose your life savings overnight and have to scramble to pay your bills while waiting to get your money back.

By Chris Kissell for Money Talks News©

Source: 6 Ways to Stop Hackers From Emptying Your Retirement Accounts (msn.com)

%d bloggers like this: