TED Talk: Hacked medical devices, automobile computer systems, two-way radios, and more

Avi Rubin: “All your devices can be hacked”

A computer and information security expert gives a TED talk:

  • How implanted medical devices can be hacked (and the results could be fatal) by reverse engineering commercial off-the-shelf devices and then sending wireless signals to them.
  • How an automobile can be hacked using the onboard wired or wireless network originally meant to offer additional safety and efficiency to the vehicle. This includes using malware to remotely apply the brakes, disable the brakes, change the car engine’s computer, unlock the doors, pinpoint the vehicle by GPS, and more.
  • How to jam a common model of secure two-way radio used by emergency first-responders, using a denial of service attack.
  • How to steal keystrokes typed into a nearby smartphone through its accelerometer, which determines the orientation of the phone.

What can we learn here? Early adoption of technology can bring extra risks that go unconsidered when the biggest concern is making a profit and keeping a slick company image rather than the individual’s safety and security.

Before jailbreaking, consider the risks

iPhone “Jailbreaking,” a term commonplace with iOS users, may sound like a viable and fun way to expand features on Apple’s iPhone or iPad. No doubt, there are some very slick options out there to make use of. The process is quite simple, inexpensive, and is becoming popular among non-tech enthusiasts. But as with anything in the digital world, there are risks involved when installing any type of third-party software or firmware.

Currently, jailbreaking has been deemed legal, so there is no reason either to support jailbreaking or to be against it. However, jailbreaking may actually become illegal this year. That’s right: just because it is deemed legal now does not mean it will stay that way, because laws can and do change. If that happens, the ruling set by the Copyright Office for Section 1201 of the Digital Millennium Copyright Act (DMCA) could result in penalties including very large fines and even imprisonment. That ruling, set in 2010, will expire sometime this year. The EFF has more info on this.

Before you jailbreak, take into consideration the risks:

  1. You will be violating Apple’s Software License Agreement. While Apple may not seek to pursue you legally, this action voids any manufacturer warranty and/or support. Section 2(c) specifically bans any attempt to “modify” the iPhone software or to reverse-engineer it.
  2. You could damage your device permanently. If something were to go wrong in the jailbreak process, your expensive little device may as well be a “brick” used as a doorstop.
  3. You will miss out on important security updates. Each time Apple issues a new iOS update, a new jailbreak will be required. Failing to do so and keeping the existing firmware will leave security flaws intact and could result in personal data being stolen. There have been several cases of exploits and malware aimed specifically at jailbroken devices.
  4. You may experience unreliable service. You may encounter instability bugs on your device or applications. Your battery life may be affected. You may experience disruptions of voice and data services. The use of some jailbroken applications may even result in wireless carrier infringement or large data overages due to unwarranted tethering options.

Other risks exist that were not mentioned here. The good news is that a device can easily be reset to its factory state, thereby removing all third-party software, including all traces of jailbreaking. However, future iTunes update and restore processes may change this, depending on copyright decisions currently being discussed.

 

Jared Simmons, IWKYS Contributor

Prevent your web browser from sharing your location

Take advantage of your Internet browser’s built-in feature to prevent websites from requesting your physical location. Whether you’re concerned about safety from online predators, or you don’t feel comfortable sharing where you live with a website’s third-party marketing advertisements, you may want to block your browser from directly giving away your computer’s location. Keep in mind that a website could still find other ways of identifying you, as pointed out in a previous post about Panopticlick.

How to disable the location services / location-aware browsing:

Internet Explorer 9

[Image: Block location tracking in IE9]

Safari 5

[Image: Block location tracking in Safari 5]

Chrome 16

[Image: Block location tracking in Google Chrome 16]

Firefox 9

[Image: Firefox: How to turn off location tracking]

Don’t forget about your smartphone! From an iPhone’s Home screen:

  • Settings > Location Services > Safari > Off

Other smartphones or tablets such as the iPad should have a similar toggle for their browser settings. Preventing Safari from accessing location data would not prevent another web client or app’s browser from accessing that data.

Sharing mobile photos online could give away your location

With the explosive popularity of smartphones and social media platforms, sharing photos has never been easier. Millions of pictures are uploaded to the web every day, and camera-enabled mobile phones are the perennial top-selling consumer electronic devices. So it’s a safe bet that even more photos will be cropping up on image-hosting communities and personal websites.

But what exactly is being shared?

In some cases, you might unwittingly be letting others know where you live and work and your travel patterns and habits. These details can be revealed through bits of information embedded in images taken with smartphones and some digital cameras and then shared on public websites. The information, called metadata, often includes the times, dates, and geographical coordinates (latitude and longitude) where images are taken.

While the geospatial data can be helpful in myriad web applications that plot image locations, it also opens a door for criminals, including burglars, stalkers, and predators. It’s not a stretch to imagine young teens’ images of their ventures to the mall or beach being culled by web predators and meticulously plotted on online maps.

“It’s not something we think is happening. We know it’s happening,” said Kevin Gutfleish, head of the Innocent Images Intelligence Unit in the FBI’s Cyber Division. The unit provides analysis and assessments of emerging threats for the operational arm of the Innocent Images National Initiative, which targets child pornography and sexual predators.

“The way that images are being posted in real time allows others who have access to see the metadata and see where the photos were taken and reveal their location at that time,” Gutfleish said.

An intelligence analyst in the FBI Criminal Division’s Crimes Against Children Unit said these details can reveal a “pattern of life,” particularly when images posted over time are clustered in geographic locations.

“It doesn’t have to be in real time to be dangerous,” said the analyst. “Historical data can tell you a lot about individuals’ day-to-day habits and may indicate where they are most likely to be at a certain time.”

Some popular social media sites automatically scrub metadata from images before they are published. On the other hand, some leverage the data to display location information beside the images. An amateur sleuth could easily pinpoint a location using the available latitude and longitude coordinates.

“Even if they don’t intentionally say where they are, the photos could reveal that,” Gutfleish said. “And that could present a potential danger.”

Gutfleish said he has seen an increase in intelligence reports and complaints about the potential misuse of the metadata embedded in photos. He said the proliferation of online tools that aggregate personal information from social networking and image hosting sites is enough to urge a level of caution.

He suggests mobile phone users at the very least check the “options” or “settings” on their phones (and any applicable mobile applications) to see if they are sharing location information. In many cases, the default setting is to share location information.

“It’s just a best-practice if you don’t want to give out your location,” Gutfleish says. “We simply want to make sure people know this is happening.”

 

How to Disable the Location Functions

Disabling the photo geotagging function on mobile phones varies by manufacturer, but is generally a straightforward process. On one of the most popular models, the iPhone, users can simply navigate to the following folders:

Settings > General > Location services

The path to location-based services options varies from phone to phone. Users should take special care when enabling or disabling location services (which may include navigation functions), or disabling applications (like photos) accessing the GPS data. Consult your phone manufacturer’s guidelines for more information.

Article Credit: FBI
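
As an added example (not part of the FBI article or of the original post), the Python sketch below checks whether a JPEG’s EXIF block links to GPS data and removes the EXIF segment before the photo is shared. The sample bytes are constructed for illustration and the function names are this example’s own; location data stored in other containers, such as XMP, is not handled.

```python
import struct

EXIF_HEADER = b"Exif\x00\x00"   # identifies an APP1 segment as EXIF
GPS_IFD_TAG = 0x8825            # IFD0 entry pointing at the GPS directory

def segments(jpeg):
    """Yield (marker, payload, raw) per segment; the scan data comes last."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg):
        marker = jpeg[pos + 1]
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length
        if jpeg[pos] != 0xFF or length < 2 or end > len(jpeg):
            raise ValueError("corrupt segment at offset %d" % pos)
        if marker == 0xDA:      # SOS: everything after is compressed pixels
            yield marker, b"", jpeg[pos:]
            return
        yield marker, jpeg[pos + 4:end], jpeg[pos:end]
        pos = end

def has_gps(jpeg):
    """True if any EXIF block's first directory (IFD0) links to GPS data."""
    for marker, payload, _ in segments(jpeg):
        if marker != 0xE1 or not payload.startswith(EXIF_HEADER):
            continue
        tiff = payload[len(EXIF_HEADER):]
        endian = "<" if tiff[:2] == b"II" else ">"
        (ifd0,) = struct.unpack(endian + "I", tiff[4:8])
        (count,) = struct.unpack(endian + "H", tiff[ifd0:ifd0 + 2])
        for i in range(count):
            start = ifd0 + 2 + 12 * i          # each IFD entry is 12 bytes
            (tag,) = struct.unpack(endian + "H", tiff[start:start + 2])
            if tag == GPS_IFD_TAG:
                return True
    return False

def strip_exif(jpeg):
    """Return the JPEG with every EXIF APP1 segment removed."""
    kept = [raw for m, p, raw in segments(jpeg)
            if not (m == 0xE1 and p.startswith(EXIF_HEADER))]
    return b"\xff\xd8" + b"".join(kept)

# Constructed sample: SOI, one EXIF segment with a GPS pointer, stub scan data.
_exif = (EXIF_HEADER + b"MM\x00\x2a" + struct.pack(">IH", 8, 1)
         + struct.pack(">HHII", GPS_IFD_TAG, 4, 1, 26) + b"\x00" * 10)
SAMPLE = (b"\xff\xd8\xff\xe1" + struct.pack(">H", len(_exif) + 2) + _exif
          + b"\xff\xda\x00\x02\x00\xff\xd9")
```

Running `has_gps()` on a photo before and after `strip_exif()` confirms that the location pointer is gone while the image data after the scan marker is left byte-for-byte intact.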

The dangers of texting when driving

Is it safe to text while driving? Should I use a smartphone when driving?

AT&T campaign: This documentary featuring families affected by texting while behind the wheel was distributed to educators, government officials, safety organizations and the public as part of an educational awareness campaign. (Video length: 10:44)

“Studies show that you are 23 times more likely to be involved in an accident while texting and driving.” -Virginia Tech Transport Institute, 2009.

 

QR code dangers & the Norton Snap app

QR codes, or Quick Response codes: You have seen them in magazines, fast food chains, entertainment event tickets, posters, and even billboards.

The danger in these two-dimensional codes is how easily they can be exploited by someone with malicious intent (for example, by placing a sticker of a new QR code on top of an advertisement), because viewers cannot see a difference after a code has been replaced or hijacked.

Although it may be rare so far, malware has already been put into QR code links on Android (see full story on Mashable).

But the real proof of a threat here? Symantec developed a QR code scanner called Norton Snap, which, according to the Apple App Store, “protects you, your mobile device, and your important stuff from online threats by warning you of dangerous QR codes and blocking unsafe websites before they load on your device.” More info on that currently free app here. For Symantec to spend the time and money on putting out an application for smartphones means that they see a potential threat with an opportunity to capitalize on. It will be interesting to see if other standard bar code reading apps partner up with security companies to keep users safe, and/or whether marketing companies decide against pushing the QR codes due to the threats.

 

7 Reasons Not to Give Your Child a Smartphone

“Should I let my child have a smartphone?” You may have some good reasons to give one to your child. Here are seven reasons not to:

  1. Porn. In the app stores, on pornography websites, on malware-infected sites, on social media networks… “But I set up parental controls. I can lock down the device, right?” Sure, but a word of caution: someone who wants to find a way around controls will do just that. Think hidden folder apps, private web browser apps, harmful websites not yet blacklisted, etc. Is your child too young to think of these things? Young 6-year-olds have accidentally clicked on porn through “related videos” inside apps for kids. While new ways of filtering out or monitoring porn may become available, these helpful services are no match in a competition with the multi-billion dollar porn industry. Recent news headlines:
    1. “Children as young as 11 are exposed to porn: Smartphones and laptops are too accessible warns addiction specialist”
    2. “Smartphones exposing kids to porn: Study”
    3. “Can Your Child Find Porn on Your Phone?”
    4. “Children admit addiction to smartphone porn”
  2. They’re expensive. Consider a phone plan with a low number of minutes, text messaging, a data plan (required for most smartphones!), and tax: at $90/month, that comes out to $1,080/year. Add the cost of accessories. Then add the cost of upgrading to the next phone when that model becomes obsolete and the current model has already lost its resale value. Maybe you have a Family Plan that cuts my estimate in half–it’s still a significant amount.
  3. Less exercise. One of the trade-offs to spending time in front of a screen is less time spent on activities involving physical exercise. Sure, some activities surrounding a smartphone can involve exercise (jogging to music?). But consider the amount of time spent sitting or standing. “But you don’t understand, my child would have spent their time in front of the TV.” Okay, so get rid of your TV. No one said the road to success here would be an easy one.
  4. Physical safety from pedophiles and stalkers online. Having a smartphone often involves broadcasting a physical location to friends and online followers. Ask yourself: How hard is it to directly or indirectly trick a young person into giving away their location?
  5. Poor sleeping habits. “According to the American Academy of Pediatrics, 75 percent of teens use cellphones at night when they should be sleeping, and after 9pm, 34 percent of adolescents reported text messaging, 44 percent reported talking on the telephone, 55 percent reported being online, and 24 percent played computer games. Media use also often stimulates the brain, which makes it harder to sleep hours after you’ve turned your electronic devices off.” (source)
  6. Exposure to other dangers: violence, drugs, alcohol, gambling, sex, and erotic reading material in ebooks. All of these things can be found in those fun, free games your child’s friend showed them. “But that stuff doesn’t affect my kid!” Yes, it does, whether you realize it or not. Regardless, consider that your decision for your child may unknowingly influence other parents, whose children will be affected differently. Also consider the implications for game developers who see increased downloads and in turn, larger profits on the games containing the dangers mentioned above.
  7. Important life lessons gained while going through childhood without the smartphone: The patience to wait for something. A longer attention span. Contentment without owning the newest toy. Solid social skills after having spent more time interacting face-to-face with peers. The personal strength to fight peer pressure when “everyone else is doing it.”

Parents, now that you’re aware of some of the dangers, I hope that you’ll agree with me: You love your child too much to ignore these dangers. You would rather withhold something they want, than give them what will likely harm them. For those who have young children and are trying to make a decision, keep in mind that you don’t have to learn this lesson the hard way. If your child was about to walk off the edge of a cliff and you had the chance to prevent it, wouldn’t you put your foot down for their sake, despite their protests?

Note: I purposefully haven’t mentioned an age. Instead of asking “When should I give my child a smartphone?” weigh the risks your kid would face along with the real benefits they may receive.
