Keeping Your Online Gadgets Safe

A wide range of household gadgets are being targeted by hackers, now that a gap in their security has been revealed. It is vital for your own safety and security that you know how easy it is to keep your gadgets free from hacking by burglars and other criminals, so I shall outline some very easy ways to do so.

Gadgets that are being targeted include televisions, kids’ toys, smart thermostats, smart speakers, baby monitors and smart cameras. Most experts within this field have stated that the security of these devices is very good, but devices that use wireless technology are a criminal’s path straight into your own home, as they can easily be hacked. Similarly, Bluetooth connections between gadgets are another method of access into your private life within your home. These risks have all come about because the passwords attached to the gadgets are easily predicted and not changed by house owners, leaving them vulnerable to hacking by burglars. Below, we look at the gadgets listed above and give you some very easy steps to make them much safer and more resilient to hackers.

Televisions

Televisions come with cameras, microphones and a web connection, all of which are accessible to hackers, who could potentially use them to broadcast inappropriate videos directly onto your TV. To prevent this from happening, put some black tape over the top of the camera on your TV, and tweak your security settings to make it harder for hackers to get through (reset the password etc.).

Kids’ Toys

Your children could be contacted by perverts through their gadgets, and offensive images, videos or voices could be broadcast to them. Which? has stated that karaoke machines, robots and walkie talkies all had security flaws, and 3 of the 7 toys tested could allow strangers to be in contact with the user. To improve the security of these gadgets, change the PINs and passwords, and turn the gadgets off when the children are not using them.

Smart Thermostats

Changes to the heating in your house could give hackers and burglars clues as to whether or not you are home: if the heating is off for a long period, it would suggest to them that you are not in your house, leaving it vulnerable to burglary. To avoid your thermostat being hacked, again change your password to something strong, and consider enabling two-step authentication, making your gadget more resilient and less likely to be hacked.

Smart Speakers

One of the best speakers on the market is Amazon’s Alexa, a gadget found in most families’ homes nowadays. However, there are some security fears that hackers are listening to or even watching your daily activities through the cameras that some of the products are equipped with. Look for cameras on the product, and cover these up. There is also an option to opt out of being listened to and instead enter instructions to Alexa manually through a tablet, which is more secure if strong passwords are set up between the two devices.

Baby Monitors and Smart Cameras

Some video cameras that can be bought cheaply on online shopping markets such as Amazon have been found in testing to have security flaws, making it easier for hackers to access your gadgets. Weak passwords and remote access for strangers were noted as key factors that meant hackers could easily use the cameras to look into your home. When buying a product such as this, choose well-known products such as Arlo and Nest, which all have a high level of security.

If you require any help or advice whilst setting up your gadgets, please get in touch with us here: https://www.mpmit.co.uk/contact-mpm-it-computer-support-services/

The MPMIT Team, offering local IT support in byte sized chunks to Micro businesses and Sole Traders in the Ipswich, Bury St Edmunds, Stowmarket and the surrounding areas.

Home Workers – This is for you

The interests and cyber security needs of our customers are at the heart of everything we do. This is particularly important during these unprecedented and challenging times.

Millions of people the world over have made a sudden shift to working from home due to the current global circumstances. With our customers in mind we are developing material to help you stay safe and secure when you are online.

Protect those around you by staying connected, private and by sharing valid information.

Unfortunately, as you may be aware, cyber criminals are taking advantage of the anxieties and concerns around the coronavirus, Covid-19.

This has led to a flood of phishing mails that either attempt to steal log-in details belonging to remote workers or install malware on to a victim’s computer. Other infection methods are also being used such as websites that harbour malicious code and apps that are actually fronts for ransomware among other things.

To protect yourself, here are a few useful tips:

Emails
Whenever you receive an e-mail that asks you to click or open a link, take a GOOD look at the sender’s actual email address, not just the displayed name (which could be a trick). You can usually see this by hovering your mouse over the sender’s name.

Websites
If opening links from within an e-mail, look in the URL address bar to see the domain hosting the web page. Is it what you would expect – or is it a website you have never heard of? Again, you can hover your mouse over the link without clicking to see the destination website.
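
The two checks described under Emails and Websites can also be run over a saved message. This is an added example, not part of the original post: it compares the sender's real address with any address shown in the display name, and lists where each link actually goes. The sample message, its domains and the function names are constructed for illustration.

```python
import email
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message for illustration; every name and domain is a placeholder.
SAMPLE = """\
From: "alerts@examplebank.test" <notice@mail-update.example>
To: user@example.org
Subject: Action needed
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please confirm your details:</p>
<a href="http://login.account-verify.example/session">https://www.examplebank.test/login</a>
<a href="https://www.examplebank.test/help">Help centre</a>
</body></html>
"""

# Matches link text that itself looks like a web address, capturing the host.
HOST_RE = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#]|$)", re.I)


def same_site(a, b):
    """True if the hosts are equal or one is a subdomain of the other.
    Simplification: a fuller tool would compare registrable domains."""
    a, b = a.lower(), b.lower()
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def sender_findings(from_header):
    """Compare the real sender address with an address shown in the display name."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    shown = re.search(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)", display)
    claimed = shown.group(1).lower() if shown else None
    return {"display": display, "address": address, "domain": domain,
            "mismatch": bool(claimed and domain and not same_site(claimed, domain))}


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._open = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]

    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append(tuple(self._open))
            self._open = None


def link_findings(html):
    """Report each link's real destination host (what hovering would show)."""
    collector = LinkCollector()
    collector.feed(html)
    results = []
    for href, text in collector.links:
        dest = (urlsplit(href).hostname or "").lower()
        match = HOST_RE.match(text.strip())
        shown = match.group(1).lower() if match else None
        results.append({"text": text.strip(), "destination": dest,
                        "mismatch": bool(shown and dest and not same_site(shown, dest))})
    return results


def review_message(raw):
    """Run both checks over a raw e-mail (headers plus HTML body)."""
    msg = email.message_from_string(raw)
    links = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            links += link_findings(body.decode(part.get_content_charset() or "utf-8", "replace"))
    return {"sender": sender_findings(msg.get("From", "")), "links": links}


if __name__ == "__main__":
    report = review_message(SAMPLE)
    print(report["sender"])
    for link in report["links"]:
        print(link)
```

A mismatch flag is a prompt to look more closely, not proof of fraud: legitimate newsletters often route links through a tracking domain.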

Your Systems
Keep your operating system and apps updated – this ensures you have the latest patches against any known exploits.

Lock or close your laptop when you’re taking a break. This will ensure that others in your home don’t accidentally click on malware links or otherwise mess up your work.

With these tips in mind, please take an extra moment to review incoming emails, and the websites you visit to avoid becoming a victim of these attacks. Be extra careful around your online banking and financial investments and don’t be fooled by easy money. If it’s too good to be true, it usually is.

We express our gratitude to those of you who are working on the frontline to combat this virus and offer our sympathies and best wishes to those who have been impacted.

We’re in this together! Stay safe both online and offline!  If you need any help with anything mentioned in this blog please get in touch.

With Kind Regards

The MPMIT Team, offering local IT support in byte sized chunks to Micro businesses and Sole Traders in the Ipswich, Bury St Edmunds, Stowmarket and the surrounding areas.

‘Smart’ Doesn’t Mean ‘Unhackable’

Many vendors will tell you that their smart device is unhackable. However, in reality, that’s unlikely to be true.

When we talk about smart devices in this context, we’re not talking smartphones, but rather the myriad devices that make up the Internet of Things. All those gadgets we can’t possibly live without.

All of these smart devices have one similar characteristic; they all have poor security.

Alarming security issues

A recent article on BullGuard’s blog highlights the myth of the unhackable smart device. They wrote that:

Two of the world’s largest car alarm manufacturers recently proved this point, albeit inadvertently.

Viper, known as Clifford in the UK, and Pandora Car Alarm Systems have something like three million customers between them. Some security researchers recently tested these smart car alarms.

The results don’t inspire confidence. They discovered straightforward vulnerabilities in both alarms’ APIs, which knit together a vehicle’s existing smart features with the smart alarms.

The researchers probed these vulnerabilities and were able to tamper with existing smart parameters, reset user credentials, and hijack accounts and more.

  • The vehicle type and owner’s details could be stolen, a car could be unlocked, the alarm disabled, the vehicle tracked, microphones compromised, and the immobilizer hijacked. 
  • In Viper’s case, a security flaw in the API parameter led to improper validation, which provided attackers with the ability to compromise user accounts. The research team found that the same bug could also be used to compromise the vehicle’s engine system. 
  • The Pandora alarm can be used to make SOS calls in cases of emergency. This is why it is fitted with a microphone. But because of the flaw, the microphone could be used for snooping. 
  • In Pandora’s case, cyber attacks could also result in the car engine being killed during use.  It’s designed for use if a car is stolen, which makes sense, as long as it isn’t hacked. But in the hands of an attacker, it could be deadly. Imagine hurtling down a motorway, the engine suddenly cuts out, and there’s a 44-ton truck sitting right behind you.

To the misfortune of Pandora, it claimed on its website that its smart alarms were unhackable. That said, once the researchers informed the company, it swiftly deleted this grandiose claim from its website.

Also, both companies responded quickly and fixed the vulnerable APIs as soon as they were informed, which is encouraging.

We may not be seeing real-world cyber attacks on cars yet, but given the pace of smart device adoption, it’s something any sensible person wouldn’t bet against.

 

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich, Bury St Edmunds, and surrounding villages. 

Source: BullGuard

Sony Bravia Smart TVs Need Patching

Do you have a Sony Bravia smart TV?

Have you changed its default settings?

In that case, you may need to install a firmware update.

This is easily done by going to the Download section of the TV’s product page and checking that it’s running the updated firmware.

Sony Bravia models with bugs

Several bugs have been detected in the following Sony Bravia models:

  • R5C, WD75, WD65, XE70, XF70, WE75, WE6, and WF6 series.

These include a stack buffer overflow, a directory traversal bug, and a command injection flaw.

The command injection flaw is the bug that could lead to remote code execution with root privilege. This means if someone is on the same local area network they can remotely take control of the TV.

However, it’s worth noting:

  • Sony Bravia TV owners should have automatically received the firmware updates if they’ve not changed the TV’s default settings
  • By default the affected Bravia TVs are set to automatically receive updates when they connect to the internet

Sony did send out the firmware updates to patch these bugs and by far the majority of Bravia smart TV owners should be safe.

The bigger issue

Although, in this case, Sony is doing something about it, many smart device manufacturers don’t. This has led to the creation of huge smart device botnets, which have been used to take down major websites.

But this is only the beginning. Smart device attacks will become increasingly common. As such it always pays to keep one eye on the security of smart devices you plan to buy.

Source: BullGuard

NewsNow Passwords Hacked

Another week, another blog post and another website that’s had its user passwords hacked.

This time it’s NewsNow that’s in the spotlight.

Here’s what BullGuard recently reported:

If you’re a news junkie there’s a good chance you check NewsNow frequently. You might even have an account with this aggregated news content service which gives you the latest lowdown in even the most obscure of areas.

If so, you probably won’t be happy to hear account passwords have been hacked.

Somewhat ironically, but not surprisingly, NewsNow has not made the news public.

Rather it has sent out emails to account holders informing them about the ‘believed’ hack.

Has your account been hacked?

If you are a user of this website, you’ll have received an email stating, “… we believe it is possible that an encrypted version of your password may have been accessed. While we do not have concrete evidence that this has happened, the possibility cannot be completely ruled out.”

Comforting.

They then go on to say that because it’s not straightforward for anyone to decipher your actual password, it’s unlikely anyone will bother trying.

Doesn’t fill you with much confidence, does it?

We would suggest changing your password anyway.

Thanks for the heads up, BullGuard.

 

How Do Hackers Evade Detection?

Hacking is becoming too frequent a headline for our liking these days. It seems as though the technology that’s been developed to make our lives easier is backfiring thanks to a small army of hackers.

They get their kicks out of circumventing firewalls and other security measures, and are putting the rest of us at risk.

So how come these attacks keep happening?

Well, according to BullGuard, before launching an attack, hackers make sure they cover their tracks by:

  • Breaking into poorly secured computers and using these hijacked systems as proxies through which they can launch and route attacks worldwide
  • Using viruses, worms, phishing emails and other malware to take control of internet servers or personal computers to create a network of ‘zombie’ computers, also known as botnets
  • These botnets are then used to launch attacks.
  • As a result, an attack may appear to come from a particular server or computer, but this does not mean the attack originated at that device.
  • Often a string of different proxies is used, typically located in different countries.

It is these factors that make it so difficult to find out where the original attack was launched.

As BullGuard states:

“It can be done but requires law enforcement from different countries to co-operate with each other.

“On the surface, this may seem straightforward but political agendas can get in the way of forensics. For instance, law enforcement might trace an attack as far as a server IP address in Russia or a router on Chinese territory.

“This doesn’t provide definitive proof that the attack was launched from a server in Russia or a router in China, these devices could be proxies used by the attackers. But political relations, for instance between the US, Russia and China, ensure that the forensics investigations can’t go any further. This is why it is often difficult to catch attackers. That said, circumstantial evidence can certainly point a finger in the right direction.”

Attackers sometimes start small

BullGuard went on to explain:

“Attackers sometimes start their attacks by attacking small, remote and obscure computers or networks or piggyback into networks by infecting other devices. Their ultimate targets are often large organisations with sensitive information.

“But they don’t just press a big red attack button; instead they carry out surveillance and crawl through a victim’s network to find suitable launch points to reach their ultimate targets.

  • Foreign nation state-backed hackers took over outdated Windows servers run by a small company. They then moved across the network onto other servers. Spear-phishing emails were then sent from these compromised servers to more than a hundred targets, including companies working for the US Department of Defense.
  • Attackers exploited a vulnerable web application on public school servers to break into them. They moved around the networks and installed backdoors on the school’s computers to launch more attacks.
  • Malicious hackers breached a community club network and then distributed malware to anyone who connected to the club’s Wi-Fi. The attackers then later piggybacked into corporate networks when the owners of the devices that had been infected logged onto their company networks.
  • Chinese spies penetrated an old computer belonging to a welding firm located deep in the Wisconsin countryside. The hackers used the compromised computer to plan and stage attacks on a major Manhattan law firm, one of the world’s biggest airlines, a prominent university and other targets.

“Often these firms or individuals have no idea their computers have been compromised until one day they receive a knock on the door from men in suits and raincoats who have a lot of questions.”

 

 

How To Tell If Your Mobile Phone Is Being Tracked Or Monitored By Spy Software

Mobile phone spy software is more prevalent than you may think.

You don’t have to be a celebrity or politician to fall prey; it can happen to anyone.

If you suddenly find your mobile’s battery life disappearing rapidly, or your data usage goes through the roof, it could be a sign of snooping.

Why would someone want to spy on you?

An excellent question and the answer is probably data.

If you’re in business, it could be details about sales strategies, new product development and so on. It could be to find out whether an affair is taking place or it could be related to a court case.

You’re probably wondering how the spy software gets on your phone. Well, it’s easier than you think. For example, during repairs or for some other reason, a backdoor application can be installed to piggyback your GPS service, or spy software can be installed on your mobile device.

How to tell if your mobile phone has spy software on it

There are several signs to look out for that suggest your phone is being tracked or monitored in some way. They can be quite subtle, but when you know what to look out for, they can also be glaring:

Unusual sounds during calls

Clicking sounds, static or distant voices coming through your phone during conversations can be a sign that you’re being snooped on.

Decreased battery capacity

If a mobile phone is tapped, it is recording your activities and transmitting them to a third party. This leaves a footprint in the form of increased battery usage, and as a result, the battery loses life faster. You can test this by using your battery in another phone of the same model and comparing the results. If it uses less battery, it could be that your phone is bugged or it’s defective in some way.

Phone shows activity when not in use

Other than message alerts, when your phone is not in use, it should be silent. If yours is making noises or lighting up its screen when you’re not using it, it could be a sign that someone’s snooping on you.

Phone takes a long time to shut down

If your phone is transmitting data to someone, it will take longer to turn off –  especially after a call, text, email or web browsing because it could be sending information to a third party.

Battery temperature feels warm

If your phone feels warm, even when you haven’t used it, it could be still in use secretly transmitting data. However, this is only a potential sign.

Receiving unusual texts

Receiving strange text messages containing random numbers, symbols or characters is another sign. The remote control feature of spy software works by sending secret coded text messages to your phone and in some cases, these can be seen if the software is not working correctly. If this happens regularly, you could have a spy app on your phone.

Increased data usage

Some spy apps (the less reliable ones) use extra data to send the information collected from your phone, so look out for any unexplained increase in your monthly data usage. The best spy software programs have reduced their data usage, which makes them almost impossible to spot, but the poorer programs will show significant data use.

How to find mobile phone spy software 

It’s possible to find spy software on an Android by looking inside the files on the phone. Go to:

  • Settings
  • Applications
  • Manage Applications or Running Services

You may be able to spot suspicious looking files. Good spy programs usually disguise the file names so that they don’t stand out but sometimes they may contain terms like spy, monitor, stealth and so on. Some of the poorer quality software programs are still quite easy to spot.

If you are only looking for confirmation of spy software, you won’t do any damage to the phone. However, it’s best not to remove or delete any files unless you know what you are doing.

If you do find suspicious software, it’s a good idea to take your device to someone who does know what they are doing.

Source: BullGuard

Don’t Fall Victim To Bank Transfer Fraud

Bank transfer frauds are growing with victims losing significant amounts of money.

The issue with this type of fraud is that there’s little chance of getting your money back because banks take the line that it wasn’t as a result of their systems being breached. Therefore, they weren’t at fault.

How does bank transfer fraud work?

It can happen in two ways.

Either a hacker gets hold of email addresses and passwords and uses brute force techniques to crack the passwords.

Or, they target specific individuals and, using a range of social engineering tricks, identify email addresses. These are then scanned for messages relating to some form of financial transaction, e.g. communicating with a solicitor about a mortgage, a builder for renovation works or an accountant for tax-related payments.

The fraudster then intercepts the messages and, when the timing is appropriate, poses as one of the parties, for example, a solicitor asking for the payment to be made to a bank account. They provide the account details and sort code (often stating the firm has just changed its banking details).

The victim doesn’t think anything is suspicious about the transaction because they are already engaged in the process and are expecting to make a payment.

What are banks doing?

Not a lot.

They are mainly taking a hard line and refusing to reimburse customers for these losses.

As far as they’re concerned it’s not their responsibility when customers give their account details, or money, to online scammers.

In the UK, the Payment Systems Regulator (PSR), the economic regulator for the UK payment systems industry, has come down on the side of consumers and is pressing for a scheme to be set up that would see customers refunded in certain circumstances.

It’s uncertain, however, when this will come into effect.

What can you do?

A recent blog post on BullGuard offers some fantastic advice if you’ve been unfortunate enough to have fallen prey to one of these scams:

  • Immediately phone your bank, speak to the fraud team, explain what has happened and demand they contact the fraudster’s bank, that is, the bank you transferred your money to

  • Immediately contact a solicitor or barrister who can accept instructions from you and ask them to make an application to freeze the fraudster’s bank account and any other bank account that the fraudster has with their bank. This should include a request for a court order that the fraudster’s bank provides the following information:

    • All contact details (mobile phone, home phone, email address, residential address)
    • All signatories to the fraudster’s bank account
    • Any other bank account held in the fraudster’s name or any other signatory to this bank account that is held at the bank
    • All bank statements for the fraudster’s bank account and any other bank account to which the fraudster or any other signatory has with the bank for a period of 6 months
    • The current balance of all bank accounts with the bank that is in the fraudster’s or any other signatories name
  • As soon as you receive the court order immediately email it to the fraudster’s banks’ ‘court orders’ team

  • As soon as you receive the information from the fraudster’s bank, consider the following points:

    • Has your money been transferred to any recognisable company you can contact?
    • If you can identify a company that has received your money, contact this company, explain what has happened and request they either cancel the transaction made by the fraudster or ask them to hold onto the money as you’re currently using court orders to identify the fraudster
    • Has the money been transferred to other bank accounts?
  • If your money has been transferred out of the fraudster’s bank account and into another bank account, you have the option of returning to court and repeating the process set out above

  • Your bank will be under a duty to contact the fraudster’s bankers, who will then freeze the fraudster’s account. If your bank has failed to act within a reasonable period of time after you have notified them of the fraud it is likely that your bank will have breached their duty and will have to compensate you

The wider issue

These types of frauds begin with email accounts being hacked:

  • Before making a large payment call the recipient and double check that the payment has been requested

  • Make an initial small payment and check if the recipient receives it

  • Never post email addresses or other personal information on social media

  • Never give out your email address or other personal information over the phone

  • Check if your email address appears on https://haveibeenpwned.com/. If it does, it means that it has been stolen, most likely from some company’s database

  • Consider closing your email account and replacing it

  • Use strong passwords on your email account. Click here to find out about password managers

  • Consider using BullGuard Premium Protection which safeguards all your identity information, including email addresses, and alerts you if your information appears on the web

Thanks, BullGuard – excellent advice if you get caught out.

Source: https://www.bullguard.com/blog/2017/12/bank-transfer-frauds-are-surging-what-to-look-out-for-and-how-to-protect-yourself

 

Does Your HP Laptop Contain a Hidden Keylogger?

What is keylogging?

It is software that covertly tracks, or logs, the keys struck on your keyboard. Its purpose is to collect sensitive material such as account numbers, PIN codes, passwords etc.

Although there are legitimate uses for keylogging (e.g. parents monitoring children’s activities), keyloggers pose a serious threat. They enable cybercriminals to gain access to your sensitive information. This could lead to the loss of your money or identity.

It spreads in much the same way as other malicious programs – through opening an attachment received via email, social network, text etc., or through an infected website.

How was it discovered pre-installed on hundreds of HP laptop models?

It was security researcher Michael Myng who found the keylogging code in software drivers preinstalled on HP laptops to make the keyboard work.

According to the BBC, the “potential security vulnerability” is affecting more than 460 models of HP laptops. However, the release of a software patch will remove the keylogger.

He discovered it when inspecting Synaptics Touchpad software. Although disabled by default, an attacker with access to the computer can enable it to record what a user is typing.

How do I know if I’m at risk?

The issue affects laptops in the EliteBook, ProBook, Pavilion and Envy ranges, among others. You can find a full list of affected devices, dating back to 2012, by clicking here.

In a statement, the company said:

“HP uses Synaptics’ touchpads in some of its mobile PCs and has worked with Synaptics to provide fixes to their error for impacted HP systems, available via the security bulletin on HP.com.”

The BBC also reported that in May, a similar keylogger was discovered in the audio drivers pre-installed on several HP laptop models.

Cyber Attacks – What Happened In 2017 and What’s In Store For Us This Year?

2017 was quite a year for cyber attacks. According to Hackmageddon.com, every month saw dozens of serious cyber attacks affecting the personal information of billions of internet users worldwide.

Shocked? We were too.

BullGuard outlined some of the biggest ones in a recent blog post.

WannaCry

The WannaCry ransomware spread through 150 countries affecting more than 300,000 computers including the UK’s National Health Service, FedEx, rail stations, universities, car manufacturers and a national telco.

It spread rapidly because of a worm-like component expedited by a large number of organisations using unpatched XP operating systems.

It was considered among the worst breaches of all time because of the amount of sensitive information that was taken.

Yahoo

Yahoo dropped a bombshell in August 2017 announcing that every one of its three billion accounts was hacked in 2013.

This was three times what was first thought to be the case. According to the former Yahoo CEO Marissa Mayer, the company only found out about the breach in 2016 when it reported that 1 billion accounts were hacked.

The company still doesn’t know who was responsible.

National Security Agency

The National Security Agency (NSA) is responsible for spying on other countries and mass surveillance of its citizens.

As you would expect, it has an arsenal of cyber tools for hacking into foreign banks, infrastructure, government departments, etc. However, a group of hackers called Shadow Brokers leaked a suite of hacking tools widely believed to belong to the NSA, which were then used in some of the year’s most significant global cyber attacks, including WannaCry.

How embarrassing!

Uber

Back in 2016, hackers stole the data of 57 million Uber customers. The company paid the hackers $100,000 to cover it up. The breach was only made public in November 2017 by the new Uber CEO Dara Khosrowshahi.

It also turns out that Uber was playing on the other side of the fence too. A former member of Uber’s security team recently revealed details about a secretive unit within Uber dedicated to stealing trade secrets, spying on competitors, using self-destructing messages and dodging government regulators.

What can we expect in 2018?

It doesn’t take a rocket scientist to work out that a prime target of the hackers is going to be the Internet of Things.

Smart devices face the same cybersecurity challenges as your desktop PC, laptop and smartphone. The only difference being that smart devices are attached to real things in the real world.

As BullGuard reports:

“When someone hacks a PC, personal data is at risk. But when someone hacks a robotic manufacturing arm that entire manufacturing line is at risk, if someone hacks a medical monitor a patient is at risk, if someone hacks a smart lighting system that smart home is at risk.”

Source: BullGuard