Tag Archives: hacker

Hacking a Pacemaker??

Connectivity equals vulnerability.

What does that mean? It means that the more ways a device can connect to the outside world (interface), the more vulnerabilities it has to unauthorized access. As an analogy, you have very little chance of being hit by a bus if you stay in your house. But you can’t stay in your house forever. The problem then becomes managing the risk/reward equation.

Medical devices usually have a very favorable risk/reward scenario: They unquestionably save lives – most of the time. But, as with everything else in our increasingly complex world, people want them to be wirelessly connected for convenience.

This is particularly important for implanted medical devices such as pacemakers and insulin pumps. Cutting a patient open every time you need to change the settings is painful, expensive, and dangerous, so modern implantable devices use some sort of wireless system. The doctor simply uploads new software to the device in a matter of minutes without bloodshed.

But… What happens if someone else gains access to the device? Someone with nefarious intent? Like many other devices, these things can be vulnerable to outside connections, and, once inside, it’s possible to alter them, with conceivably fatal consequences.

As mentioned in a previous post about the so-called “Internet of Things,” many of these products have gaping security holes, sometimes with no way to update them short of getting a new device. The code they run on is usually proprietary, which means it’s very difficult for security researchers to tease out problems – and the Digital Millennium Copyright Act might even make it illegal!

Former Vice President Dick Cheney even had the wireless capability on his pacemaker disabled to forestall a possible attack of this sort.

Unfortunately, Barnaby Jack, one of the primary researchers into these vulnerabilities, suddenly died in 2013, under slightly mysterious circumstances. Of course, conspiracy theories abound. Hopefully, others will pick up where he left off.

http://www.cnn.com/2013/10/20/us/dick-cheney-gupta-interview/

Go Ahead, Hackers. Break My Heart

http://www.forbes.com/sites/singularity/2012/12/06/yes-you-can-hack-a-pacemaker-and-other-medical-devices-too/#25cb957813e0

http://www.komando.com/happening-now/371417/pacemaker-hacking-fears-rise-based-on-critical-research/all

Visit my Store for cool gifts and gadgets

For even more empowering technology info, read my new book, “Deciphering the 21st Century,” Available now!

Click here to read all about it.

Follow me on Twitter:

I’d love to hear your comments!

The Snowden Effect

What is the Snowden Effect? It is the increase in public awareness and concern over the collection and use of electronic data by the US Government – without even getting warrants – since the revelations of Edward Snowden. Even though – obviously – electronic data did not exist when the U.S. Constitution was written, the Fourth Amendment specifically prohibits “Unreasonable search and seizure.”

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

That seems pretty clear, doesn’t it? My electronic data certainly qualifies as an “effect” (as in “Personal effects”), and vacuuming up data en masse certainly qualifies as “unreasonable.” This isn’t even “Rounding up the usual suspects,” which implies known criminals; this is “Round up everybody and let’s see what we can pin on them!”

Now, you might consider Edward Snowden a hero, a traitor, a patriot, or a dissident, but the important fact is that this is a discussion that needs to happen, and Snowden forced the issue. This Country is not a dictatorship; it is (allegedly) a government of, by, and for the People, and as such, the Government is accountable to the people and has no right to spy on them without probable cause.

A lot of the current chatter is about digital encryption. The terrorists that shot up San Bernardino last December had an encrypted iPhone, and Apple, the manufacturer of the iPhone, has made the encryption so good that even they can’t break it. The FBI wants Apple to write an Operating System with a “Back Door,” that would allow anyone with the master password to unlock the system. They say this is a one-time deal… but think about it. If someone developed a Master Key to your front door – allegedly for the Police to use in a life-threatening emergency – how long do you think it would be before that master key leaked out? Let’s get real here! The only true secrets are the ones only you have a key to! Especially considering how many Government secrets have been stolen recently!

If you were a manufacturer of vaults, how would you feel if an agency asked you to provide a master key to your burglar-proof vault? How would you know you could trust them to keep that key safe, not only today, but forever?

Many developers of encryption software are already being leaned on to provide just such back doors. To their credit, some have refused. Some have even gone out of business rather than compromise their customers’ information. Though I’m not an Apple user, kudos to them for holding the line.

We need to pay attention to this stuff; our privacy and security are at risk. If the Government knows everything about you, they can do anything to you.

http://www.apple.com/customer-letter/answers/

What does the FBI think is on terrorist’s iPhone, anyway? A fight, perhaps

http://www.huffingtonpost.com/2014/06/05/edward-snowden-nsa-effect_n_5447431.html

Anti-encryption opportunists seize on Paris attacks; don’t be fooled


Help! I’m a Drive-By victim!

How, Oh How, did I get that awful Nastyware that just showed up on my computer??
You may have been a victim of a “drive-by” download (an unintended, often hidden, download and installation). It used to be that you got drive-bys mostly from “shady” sites – porn sites, pirated software, and other illicit sites. Not anymore. Many completely legitimate sites have been hacked in order to deliver malware and spyware. Even the Department of the Treasury website was hacked a couple of years ago.

A free browser add-on called Web of Trust (WOT) can help. It’s a crowd-sourced website checker that can warn you if a site is suspected of harboring malware, has privacy problems, or is not safe for children. If you try to visit a bad site, you’ll get a warning asking if you really want to visit the site. You still can if you want to, but you’d better be very sure you need to.

WOT

The green circle shows this site is rated good.

It’s not perfect. Sometimes sites get flagged as bad just because of their politics or controversial subjects, so you also get the opportunity to read the ratings, find out why the site has been flagged, and add your own rating (If you want to).

Of course, you still need security software, but there is no “Magic Bullet” in this world, so WOT gives you another layer of protection on the Internet.

 

But You said I could!

Imagine walking up to a stranger on the street and handing him your personal address book, driver’s license, and email password. Crazy, right? But you might be doing just that when you install that cool new app on your phone or tablet.
If you own a smartphone or tablet, you should be paying attention to what the apps you’re installing want to do to you and your data. It doesn’t take the NSA to compromise your data; sometimes you can do it all by yourself by simply not paying attention.

When you install an app, you’ll be presented with a list of “permissions” before you can install the app. Some of the things an app might ask permission for include:

  • Full Internet access
  • Your Location
  • Read your contacts
  • Read your account information
  • Change system settings
  • Install shortcuts on home screen
  • Read phone identity
  • View network connections

Some apps need a lot of permissions to do their job; the Facebook app, for example, wants to make phone calls, send texts, take photos, and a whole host of other things. This is expected with them, because they are all about social networking.
You have to ask yourself, “Does this app really need all these permissions?” Recently, an Android app called “Brightest Flashlight” had its creators taken to court over the app’s mining data from its over 50,000 users.


All these permissions for a Flashlight??!! Give me a break!
Some of the biggest offenders are games, ringtones and wallpapers. People want to have fun and personalize their phone, and they never ask themselves, “What’s in it for the developer if they’re giving the app away for free?” What’s in it, of course, is using your personal information to target you (and possibly your contacts, as well) for advertising. If you decide to install, say, wallpaper, and it asks for Internet access, guess what? You’re going to get ads, your device may slow down, and it’ll eat up your data! Now, some free, ad-supported apps are okay. These are the ones that only display advertising on the app itself, only when you are using the app. If you can stand that and the app is useful, go for it. Read the ratings others have left for the app to see how intrusive the advertising is.

So next time you install an app, pay attention to the permissions you are granting to that app, and ask yourself, “Do I really want to share this much with someone I don’t know?” Is it worth it? Sometimes the answer is yes, but at least make an informed decision.