Vigilance is the operative term these days, and we can’t stop hearing about having to wear masks, maintain social distance and keep ourselves muted on Zoom calls when not speaking. With so much of our energy put into maintaining new norms of behavior, some things are bound to slip. Changes as fast and dramatic as the ones we’ve experienced this year haven’t given us enough time to build the necessary habits so that we can be as vigilant as we need to be.
Wow! What a beautiful vacation that friend of a friend posted in their Facebook account. It looks like the perfect family vacation; all smiles, all sun, some commentary about the perfect spot…
The DHS is using Congress’ “Real ID” Act of 2005 to require all US states to issue new, more robust IDs for air travel originating in the United States.
How will the cybersecurity landscape change in 2017? Many businesses still feel woefully behind in their response to the pervasive threat of cybercrime. Let’s review how companies in different countries and different industries are rating their own cybersecurity strategies heading into 2017.
Earlier this year, Mark Zuckerberg, CEO of Facebook, unintentionally revealed (in a photo he posted to his Facebook account) that he covers up the webcam and audio port on his laptop. He literally has a small piece of masking tape over the pea-sized camera lens and another one on the audio port where headphones plug in. The social media universe was quick to pick up on this, leading to all sorts of speculation and theory crafting about the possible implications.
What does Zuckerberg know that we don’t?
For starters, Facebook is able, technically, to listen in on your conversations. Recall that you may have granted Facebook permission to access your microphone. Coincidentally or not, many FB users have reported online ads popping up for obscure things that they may have discussed within earshot of their phone or laptop, but had not actually typed into any search engine or device. For now, Facebook denies using a phone’s microphone to serve ads or customize news feed stories.
Webcams are also vulnerable; hackers can easily gain access to cameras embedded into mobile phones, tablets and laptops as well as stand-alone surveillance cameras. Webcam hacking was in the news after the October 21st “Mirai botnet attack,” in which thousands of webcams, DVRs and industrial cameras were hacked and then networked together to attack large corporate servers.
The risk of a webcam security breach extends to Android and iOS devices. iOS is the operating system on Apple’s iPhone, iPad and iPod Touch products. In August, Apple issued a security alert after identifying the “Trident” flaw, which hackers could use to turn on the camera or microphone on a hacked device. Trident was delivered to victims via SMS text message links.
Android apps can also serve as a conduit for hackers. Last week, a popular Android app called AirDroid was reported to have a major security flaw. AirDroid, with over 20 million downloads, helps users manage their Android device from a web browser. But the data transmission process is not secure, allowing a hacker to easily create a man-in-the-middle attack. AirDroid has access to a device’s contacts, camera and microphone, and other user data. Android is continually releasing new security updates to keep up with the continual emergence of new security vulnerabilities.
What could a hacker do with remote access to your webcam or microphone?
Imagine the Invisible Man, sitting on the armchair in your bedroom at night, watching you and listening to your private conversations. What could he do with that information? Blackmail you? Gain access to your online accounts? Jeopardize your privacy and safety? Certainly all this and more. Think of the webcam on your laptop as the Invisible Man; it can watch you and listen to you at any time, without your knowledge, transmitting a feed to hackers via your laptop’s Internet connection.
And, it could be recorded and easily posted on YouTube for the world to watch.
And by the way, don’t think you’ll see a recording light turn on when you’re being spied on through your webcam; that can be and is usually disabled remotely by the hacker.
What to do?
While some may suggest disabling your webcam and microphone to protect yourself, this may not be a practical solution for business professionals who need to use these devices for remote collaboration, web meetings, and Internet voice services.
Instead, we circle back to a variation of Zuckerberg’s simple, low-tech solution to defeat high tech surveillance.
But instead of just a piece of tape, we recommend placing a bandaid over your webcam — the bandaid padding will protect your camera, and you can peel it off whenever you want to use the webcam. If you choose the right size bandaid or trim one to fit, you can even muffle the microphone port.
Also, to further protect yourself from becoming a target, consider protecting personally identifiable information and information about your financial assets. Use secure email communications (RMail, for example) to keep your personal information personal.
In the recent Tech Essentials article “Changing Trends in Cyber Security,” we highlighted how hackers are becoming more innovative in their ability to use generally available social media (i.e. LinkedIn recruiter tools) and other business applications to target email recipients with imposter email and lure them into wiring money to hackers. Read more
Three weeks after the publication of my open memo to Facebook CEO Mark Zuckerberg – first published by Business Insider on June 8, 2011 – plaintiff lawyers from law firms DLA Piper LLP and Lippes Mathias Wexler Friedman LLP dropped out of their lawsuit against Facebook, despite the awaiting percentage of a potential $25 billion bounty. This memo, with the subject, “Grounds for Early Dismissal of Ceglia’s Claims — Paul Ceglia’s $25 Billion Mistake,” was written by me to provide assistance to Zuckerberg in response to a recent lawsuit filed by Paul Ceglia where he claims to have emails from 2004 which show Mark Zuckerberg allotted him 50% of Facebook equity.
(The memo was written in response to a recent lawsuit filed by Paul Ceglia where he claims to have emails from 2004 which show Mark Zuckerberg allotted him 50% of Facebook equity. Read Facebook’s response to the lawsuit.)