Check this out before buying a new Smart TV

New Smart TV on your Christmas list? Be careful of what features you get on your TV. Specifically the ones with cameras or microphones built in. They could be used to spy on you according to the FBI.

Smart TVs connect to the Internet in order to update, download apps, connect through the apps. Some of the newer ones have built-in cameras for facial recognition so they can suggest your favorite programming. Microphones are generally used for voice control for the remotes to change channels.

If your Smart TV is unsecured, hackers can listen and watch you as well, or take control of the TV. If you can’t turn off the camera, consider using black tape over the lens. Make sure to keep the software updated.

If you are victimized by any fraud on the Internet, contact the IC3 (Internet Crime Complaint Center).

More on Pa$$w0rds

The Victor crew found this article about passwords. There have been so many breaches in recent history. There have been 13 big data breaches this year alone (so far).

This article breaks down why passwords really don’t matter in light of the way hackers are performing their breaches. It is from a Microsoft tech using stats collected from Azure Active Directory connected accounts. The data is broken down by type of attack and how they are performed.

Once you cut through all the techese, the bottom line is to choose passwords with at least 8 characters, use a password manager and let it generate the password for you, try using multi-factor authentication for that extra step.

Car Hacking

The Victor crew has written about car hacking before. It seems to have escalated to apps being used to hack some cars now. Breaking into certain GPS Tracking apps, the hacker claims to have the ability to even stop engines, as reported by MotherBoard.

The apps he has hacked, called iTrack and ProTrack, are two apps where companies can monitor and manage their fleet vehicles. The hacker found that the apps have default password of 123456 when they sign up. The hacker said he was trying to target the companies, not the users.

Both apps are made in China.

Smart Toys

Jody Victor‘s crew wants to warn everyone that you need to be careful if you are considering buying
smart toys for children. Our warning is 2-pronged.

First is that any toy that can go online via WiFi has the potential to be hacked. There are already some instances of this.

The Hello Barbie doll was found to be able to be a surveillance device.

VTech, based in Hong Kong, had a vulnerability that allowed private information including names, addresses, email addresses, download history, secret questions to be compromised.

HereO watch, a GPS-enabled watch, had a vulnerability that allowed stalkers a way to track and send messages posing as their parents.

Fisher Price’s Smart Toy Monkey had a vulnerability that could leak owner information.

These are just a few toys we know of so far.

The second prong to this problem is this: Will these be new avenues for our (or any) government to track us? Will any toy or device equipped with a camera and/or microphone allow government agencies to spy on us or for them to confiscate them for investigation?

We might need to think twice before purchasing these items.

Can YOUR car be hacked?

(Reuters) A couple of white-hat hackers (those who are hired to find software vulnerabilities) set out to hack some cars. They were able to force a Toyota Prius to brake when it was going 80 miles per hour, jerk its steering wheel, or accelerate its engine. They can disable the brakes on a Ford Escape at slow speeds so it keeps moving no matter how hard the driver tries to stop.

They were actually doing this sitting in the cars with a laptop on their laps hooked to the network of the cars. They didn’t do it remotely, but this did uncover security flaws.

The two hackers, Charlie Miller and Chris Valasek, will detail their findings ans publish the techniques they used in a 100-page white paper. This research was conducted with a grant from the U.S. government. They will also release the software they built to do this at this week’s Def Con hacking convention in Las Vegas.

~ Jody Victor