
Everything is Hackable, from Autos to Thermostats

English: An HP LaserJet 4200 dtns printer (Photo credit: Wikipedia)
Visalia Direct: Virtual Valley
August 31, 2015 Deadline
October 2015 Issue

Charlie Miller and Chris Valasek hacked a Jeep in July of this year. Chrysler recalled 1.4 million vehicles to fix issues with the “Uconnect” network, which used cellular Internet connections to enable features like remote access. If you’ve wondered how OnStar and similar services, like Uconnect, unlock car doors, now you know. They use the Internet.

Uber, the ride-scheduling app company, hired Miller and Valasek in August to work on security for Uber’s autonomous automobile project, since a self-driving car requires network and GPS access to function properly. Everything in an autonomous vehicle is computerized and this invites potential mischief. Uber hired hackers to identify security vulnerabilities.

General Motors, Volkswagen and other car companies have been tested by hackers. The 2016 Corvette’s braking system has been hacked. VW, and its subsidiaries including Audi and Porsche, have had their doors and security systems hacked via a $30 Raspberry Pi computer with Bluetooth wireless networking. VW sued to keep the hack secret, but nothing remains secret on the Internet. Old-fashioned keyless car entry, like garage doors and other frequency-based systems, is a relatively simple hack. Newer Bluetooth systems were supposed to be harder to crack, but they rely on short numeric codes. A computer can try thousands of random codes in a minute, rendering short passcodes pointless.

The “Internet of Things” (IoT) has connected our Blu-Ray disc players, home security systems and even thermostats to the Internet. If you’re willing to let the electric company control your air conditioning, you can save some money. This resembles the OnStar model, with the power company using the Internet to check and set your thermostat. What could go wrong?

The problem with a connected home is that it might use your broadband network, though not all remote control systems do. My wife and I do have security and entertainment systems wired through our home network. Though we have a hardware firewall, hackers have already demonstrated they can work all manner of magic remotely.

One of the weaker points in a home network turns out to be a printer. Some new printers come with “remote printing” enabled, though few people use this option. To allow remote printing, the printer has to welcome incoming network traffic. Yes, hackers have taken control of computers in homes and offices via remote printing. Your printer might be opening the door to criminals.

In 2011, researchers at Columbia University demonstrated that HP LaserJet printers were particularly vulnerable to network hijacking. There’s no fix for older printers and few people configure network printers securely. Have your computer technician or home tech guru disable “SMTP” (Simple Mail Transfer Protocol) and remote printing unless you absolutely must have this feature.

Any home network should include a good firewall, and I also suggest using network address translation (NAT) and port forwarding to hide a local network. Network techs agree that NAT is not a security measure, but it can help hide devices from less skilled hackers. Good routers, those boxes we use to connect a broadband service to a small network, include firewalls. Enable the firewall and set up any additional security you can. Our home network only allows specific hardware to connect, based on the media access control (MAC) address. When we buy new networked devices, I have to update the security table. Plus, we require passwords to connect to the network.

Phones pose a special problem, because they use public networks. To help ease our fears, tech companies are offering biometric security. Surely fingerprint ID is safe, like that used by Apple and Google for their device operating systems.

Not exactly. It turns out that scanned fingerprints are stored as simple data arrays. Fingerprint data can be stolen from Android phones, as demonstrated by hackers in August. The hackers managed to steal fingerprints by convincing users to install “malware” that transmitted the fingerprint data and a bitmap image to the hackers. Turns out, any application installed on an Android device could access fingerprints and other security settings.

Malware is software that a devious programmer designs to entice users. It might be a free game, a slideshow or something practical like a tip calculator. The malware seems like good software, yet in reality it spies on users or performs other nefarious tasks. Technically, malware is not a virus, since it requires installation by a user.

Never install software that isn’t from a trusted publisher. Free apps should raise suspicions.

Assume you never install software you cannot trust and you drive an older car. Nothing in your house is connected to the Internet of Things and your flip-phone cannot surf the Web. All is well, right? Maybe not.

Hackers have demonstrated the ability to embed viruses in computer cables, particularly Thunderbolt and the new USB-C cables. This is possible because today’s high-speed cables are really small computers. The cables have more computing power than home computers did only ten years ago. Though this type of hack requires plugging a cable into the computer or a port hub, it could be a problem for businesses. Imagine a dishonest “technician” visiting a business. The technician declares that a cable is bad, so he offers to replace it. Now, at least one computer is infected.

Maybe this column has you concerned, but the actual risks are far less significant than any news report or Internet rumor suggests.

As an Apple OS X user, I have not had a virus, malware or other attack strike any of my Mac systems since 2002. I keep my software up-to-date, install only software from trusted publishers, enable all security features of the operating system and I do have an anti-virus application installed. I read SecureMac and MacRumors to track the latest security threats.

Even my last battle with a Windows virus was in 2002. That infection likely came from a floppy disk provided by a retail supplier.

I’ve always had at least one computer system with Windows. Based on experience, I trust BitDefender, PC Magazine’s 2015 Editors’ Choice winner. BitDefender not only catches viruses and malware, but warns you if a website is dangerous. This ability to block “phishing scams” is increasingly important in workplaces.

The world is not a safe place, but a little caution goes a long way.
