It’s been more than 40 years since Bachman-Turner Overdrive (BTO) released “Takin’ Care of Business,” and we’re betting that Bachman, Turner and everyone else of the era did not anticipate the kind of business we’d be taking care of today: laptops that work (but may not be allowed!) on airplanes, cloud storage and cameras connected to hands-free devices—what were any of these space age things in 1973? Non-existent. But then, so were many of us.
It’s the cyber week in review and we’re taking care of some digital-age business, and learning some digital-age life lessons along the way. (Cue that riff by clicking the link).
An Unwelcome View into the iCloud
Clouds have many colors—pink, blue, yellow, gray and white. Your iCloud storage is likely even more colorful, and you may not want hackers to take a view, nor would you want that cloud cover to vanish.
A group calling themselves the Turkish Crime Family claimed that more than 600 million iCloud accounts have been compromised and that unless Apple pays them a $700,000 ransom they will wipe all of that data clean.
A man has been arrested in London, but a spokesman for the Turkish Crime Family sent a message to The Sunday Times saying, “He’s not a member of our group. We just used his name on stuff and the [NCA’s National Cyber Crime Unit] fell for it.”
Another, potentially real, member of the group was arrested in Tel Aviv, Israel.
Apple has officially stated that their systems have not been breached, but that credentials may have come from third-party services. ZDNet has confirmed some of the facts, saying that millions of passwords “from other previously hacked websites and services” have provided access to these 600 million iCloud accounts.
That’s because hackers like this group are banking on the fact that people still routinely use the same password for multiple websites. A Yahoo hack + LinkedIn hack + Dropbox hack + any number of other hacks = one giant iCloud hack. Simple math for nefarious ransom-seekers.
Lesson Number One: As if this one needs repeating (but hey, that’s why it’s number one): never use the same password for more than one site. Never means not ever, yet millions of people still do. Those millions of people might find their iPhone, MacBook, or other Apple device remotely wiped of all its data, should Apple fail to pay this bitcoin ransom.
Go ahead and change your passwords on your Apple devices. We’ll wait.
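To see how far one reused password reaches, here is a short audit you can run over a password-manager export. It is an added example, not part of the original post: the entries in `VAULT` are constructed, and `find_reuse` and `blast_radius` are hypothetical helper names.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample export: (site, username, password). Not real credentials.
VAULT = [
    ("icloud.example", "pat@example.com", "Summer2016!"),
    ("forum.example", "pat@example.com", "Summer2016!"),
    ("bank.example", "pat", "k7#Vq9pL2x$wZ"),
    ("mail.example", "pat@example.com", "summer2016!"),
    ("shop.example", "pat", "Summer2016!"),
]

# Random per-run key: fingerprints are only comparable inside this process,
# so a leaked report cannot be matched against precomputed hash lists.
_KEY = os.urandom(32)


def fingerprint(password: str) -> str:
    """Keyed hash used for grouping, so results never carry plaintext."""
    return hmac.new(_KEY, password.encode("utf-8"), hashlib.sha256).hexdigest()


def find_reuse(entries):
    """Return groups of sites that share an identical password (exact match)."""
    groups = defaultdict(list)
    for site, _user, password in entries:
        groups[fingerprint(password)].append(site)
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)


def blast_radius(entries, breached_site):
    """Other sites that fall if the password used on breached_site leaks."""
    leaked = {fingerprint(pw) for site, _u, pw in entries if site == breached_site}
    return sorted(
        site
        for site, _u, pw in entries
        if site != breached_site and fingerprint(pw) in leaked
    )


if __name__ == "__main__":
    for sites in find_reuse(VAULT):
        print("Same password on:", ", ".join(sites))
    print("If forum.example is breached:", blast_radius(VAULT, "forum.example"))
```

In the sample, a breach at the forum exposes the iCloud and shop logins too, while the bank account with its own password is untouched.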
Another View: from the Google Nest Cam
Speaking of views, and how you might not want to share yours, your internet-connected security camera may be remotely disable-able.
That information comes from mobile security and IoT hacker Jason Doyle, who recently published three vulnerabilities affecting the Nest Cam Indoor and Nest Cam Outdoor, as well as the Dropcam and Dropcam Pro security cameras.
The vulnerabilities, which he published on GitHub, could allow a digital-age invader to do some old-school burglary. Basically, the hacker could use Bluetooth to overwhelm the device memory with excessively long Wi-Fi data, which would then make the camera crash and reboot (there are a couple of different ways to do that). The third vulnerability involved making the devices disconnect temporarily in order to connect to another network.
Any one of these three tricks would provide a short period of time, at a planned interval, for an on-site burglar to gain access to your home while not under your camera’s surveillance.
What is needed is an update that would allow Bluetooth to be turned off on these devices. Some cameras already turn Bluetooth off after setting up Wi-Fi.
Lesson Number Two: Disable Bluetooth when you don’t need it! From hacking toys to automobiles, Bluetooth convenience means cyber insecurity—one of the most frequent ways for hackers to invade.
The View from the Air: Laptops
Speaking of taking care of business, many professionals have been flying with a laptop in tow for at least a couple of decades now. While models have gotten smaller since the ’90s, a laptop may even literally be a lifesaver when flying, as in one Ft. Lauderdale airport shooting.
Yet in the name of saving citizens from terrorist attack, airlines in the US are being ordered to ban most types of electronic devices in the cabins of US-bound flights, and the UK is imposing similar restrictions.
Travelers will still be able to place laptops and tablets in checked luggage on these international flights, but only smartphones will be allowed in the cabin.
Of course, long international flights are a prime opportunity for many business travelers to get work done. If you come from one of several Middle Eastern countries, however, your work will either have to wait or be done via smartphone.
Lesson Number Three: Tough one. Is the lesson that tensions are higher than ever between Western and Middle Eastern nations? That’s hardly one to live by.
How about the lesson that you should always bring a book or paperwork you can do by hand when traveling, anyway? After all, in-flight Wi-Fi isn’t on every airline and if you are a frequent flyer you know in-flight Wi-Fi doesn’t even work all the time.
When weighing the cyber news it can be difficult to assess direct impact on your business. That’s why cyber threat assessments (CTA) from cyber security experts utilize data with breadth and depth to advise your business specifically of risks, liabilities, and proactive action.
So enjoy the headlines, but stay out of them, and contact us to help ensure you do.