
IoT Connected Stuffed Animals Leak Millions of Accounts' Private Information

With the rise of the Internet of Things (IoT), more and more everyday devices are being connected to the web to make for a more personalized product experience. Today, we have IoT connected watches, televisions, and even kitchen appliances like refrigerators or coffee makers. As convenient as these devices can be, they can pose a serious threat to a user's personal information if the security behind the device is lackluster. Such is the case with CloudPet, an IoT connected stuffed animal that lets children and their loved ones communicate with each other through an app, which exposed the personal data of thousands of accounts.

CloudPets are made by Spiral Toys, a company based in California that specializes in toys that connect to the internet. The concept behind the toy is that a child can communicate with their parents or loved ones who are far away. The toy is connected to an app, which allows the connected party to record voice messages to send to the child's CloudPet. The CloudPet then allows the child to send a voice recording back, which can be played through the app.

On February 28, 2017, security researcher Troy Hunt published a blog post about how the data from CloudPets stuffed animals had been leaked and ransomed, potentially exposing these recordings. Hunt found that several parties had reached out to CloudPets and their parent company Spiral Toys about the breach, yet had received no response. With some help from members of his site, Have I Been Pwned?, Hunt was successfully able to access the user photos and voice recordings. While there were no recordings or photos on the exposed database, the leakage did contain sensitive data that could easily compromise an account.

According to the CloudPets site, the breach was caused when CloudPets user data was temporarily moved to a new database software. In December of 2016, third party developers moved CloudPets data to a temporary database in order to make upgrades to the CloudPets app. During that time, the database software that was used had an exploit that hackers would use to hold data for ransom. While CloudPets claims that no voice recordings were accessed, they do admit to the leakage of email addresses, usernames, and encrypted passwords. However, there were no password strength rules before the breach, so a hacker could still easily access thousands of those compromised accounts.

Since the breach was made public on February 22, the CloudPets app required all users to reset their passwords, and created new password security requirements to ensure the new passwords are more secure. They also recommend that users create a unique password for every application or site, and advise them not to use "easily guessable" passwords.

Homographs: Using Different Languages to Steal Your Data

Many hackers rely on their ability to trick users into giving up information or control of their technology. As technology advances, hackers continue to find new and updated ways to gain access to user accounts. One scam in particular, known as homographs, has seen an increase in popularity as of late.

What are they?

Homographs are a phishing strategy that is used to disguise a hyperlink to look like a legitimate, secure website. Scammers are able to use these attacks due to the way that many browsers interpret URLs with characters from another language. An example of this can be found with Russian Cyrillic letters, many of which look similar to English letters. To account for this, browsers utilize basic translation tools so a user can still access a legitimate website using non-English characters by translating the address into a series of English letters and numbers.

How do hackers use homographs?

Hackers are able to take advantage of homographs by using letters from another language that look identical to letters of the English language. They create a URL that looks identical to the legitimate site, but once clicked it will automatically take you to a compromised site where your data can be at risk. This attack works because users won't be able to see that the URL is not legitimate until it is too late, as once they click the link they will most likely be infected by malware.

How can I protect myself?

While many browsers have created fail-safes to combat this issue, there are still many browsers that are left unprotected. Even those that do use the fail-safes can be easily tricked, so it's up to the user to prevent the attack. Be conscious of every link you click, and never open up a URL that you cannot verify. This means any URL in an email from an unknown address, or a pop-up ad that claims to be a legitimate company. The best way to avoid homograph attacks is to always manually type in the web address.

Want to know more about how to prevent cyberattacks? Contact Info Advantage at (585) 857-2644 to talk to our security and technology professionals today.
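
The address translation described in the homograph article above can be checked before a link is trusted. The following Python sketch is an added example, not code from the original article: for each hostname label it shows the ASCII form that is actually resolved and flags labels that mix scripts. The function names, the sample hostnames and the name-prefix script heuristic are assumptions made for this illustration.

```python
import unicodedata

def letter_scripts(label):
    """Approximate each letter's script by the first word of its Unicode name
    (an assumption of this example; Python has no built-in script property)."""
    return sorted({unicodedata.name(ch, "UNKNOWN").split()[0]
                   for ch in label if ch.isalpha()})

def inspect_host(host):
    """Return one record per DNS label: Unicode form, ASCII form, scripts, verdict."""
    records = []
    for label in host.rstrip(".").lower().split("."):
        if label.startswith("xn--"):
            # A link may already carry the encoded form; decode it for inspection.
            label = label.encode("ascii").decode("idna")
        ascii_form = label.encode("idna").decode("ascii")  # what DNS receives
        scripts = letter_scripts(label)
        if label.isascii():
            verdict = "ascii"
        elif len(scripts) > 1:
            verdict = "mixed-script"       # e.g. one Cyrillic letter among Latin ones
        else:
            verdict = "single-script-idn"  # legitimate IDN or whole-script lookalike
        records.append({"label": label, "ascii": ascii_form,
                        "scripts": scripts, "verdict": verdict})
    return records

def needs_review(host):
    """True when any label is not plain ASCII and deserves a closer look."""
    return any(r["verdict"] != "ascii" for r in inspect_host(host))

# Constructed samples: the second begins with CYRILLIC SMALL LETTER A (U+0430),
# the third is the same name as it appears once encoded.
SAMPLES = ["apple.com", "\u0430pple.com", "xn--pple-43d.com"]

if __name__ == "__main__":
    for host in SAMPLES:
        for rec in inspect_host(host):
            print(host.encode("unicode_escape").decode(),
                  rec["ascii"], rec["scripts"], rec["verdict"])
```

A "single-script-idn" verdict is not proof of anything either way; such names still need comparing against the address the user expected.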

How Rugged Are You? A Guide to Rugged Laptops

Face it, your laptop isn't indestructible. There are only so many times you can throw your laptop in a cramped bag or have it drop from your hands before you see some damage. While many laptops can be saved with something as simple as a sturdy case, many modern professionals work in conditions that make it very difficult to protect the technological equipment needed for businesses to run smoothly. That is why many manufacturers are creating lines of "rugged laptops," which can withstand even the harshest of work conditions.

What Are Rugged Laptops?

A "rugged" laptop is a PC that has been designed to withstand very harsh environments and conditions, such as heavy traveling or factory work. These laptops are built to withstand just about anything, including drops, spills, extreme temperatures, and much more. There are a variety of different types of rugged laptops, each built for a specific purpose. Many rugged laptop vendors offer an assortment of rugged laptops that are classified into three "levels" of ruggedness: semi-rugged, fully-rugged, and ultra-rugged. Semi-rugged laptops are typically enhanced versions of commercialized laptops with more protection, whereas an ultra-rugged laptop is built from the inside-out to resist even the harshest environments.

What Classifies a Laptop as Rugged?

Most rugged PC manufacturers use the MIL-STD-810 environmental durability standards to test how rugged their laptops are. The MIL-STD-810 was originally created in the 1960s by the US Department of Defense as a guideline for designing military-grade technology that can be used in high combat areas. The standard provides a variety of different test methods which can be used to ensure equipment is suitable enough to be used on the field of combat. This includes tests for temperature, vibration, impact, water resistance, altitude, sand or dust, and more. Manufacturers are also known to reference the Ingress Protection Code, which classifies the degrees of sealing protection of electrical equipment, and the NEMA classification, which describes different electrical enclosures and how they hold up in different environments.

Who Should Be Using Rugged Laptops?

While rugged laptops are typically designed for people who work in extreme conditions, just about any business professional can find value in a rugged laptop. While you may not be using your laptop underground or at sea, your personal computer may be taking on more damage than you think. Laptops are often shoved in bags or airplane compartments, or left in places where they could potentially get damaged, such as a bathroom or kitchen. Therefore, just about anyone who takes their business on-the-go can find benefits from ruggedized laptops.

Interested in a more rugged laptop but don't know what level of protection you need? Contact the technology experts at Info Advantage today at (585) 254-8710 to talk about what technology solutions will best fit your business.

[Photo: DoD]

The Dangers of Autofill: How Scammers Can Use Browsers to Steal Credit Cards

If you're an avid online shopper, you know the struggle of having to fill out your information each and every time you want to make a purchase. For many, autofill is a way to save time when shopping online. While this feature is convenient, it can also put your data directly into the hands of cybercriminals if a user isn't careful.

How They Do It

Hackers are able to use autofill to their advantage by adding hidden fields in a sign-up form. These fake sign-up forms try to trick users into giving up more information than they think they are. The form may seem to only ask for a name or email address, but can secretly also take any other information that has been saved in a browser's autofill. This could include information such as a billing address, phone number, credit card number, security codes, and other sensitive personal data. While this method of attack isn't necessarily new, whitehat hackers have had trouble finding effective ways to counter the threat.

Prevent an Autofill Attack

Autofill attacks can happen to nearly any user on any browser that has autofill enabled. However, browsers such as Chrome and Safari are particularly prone to these types of attacks, as autofill comes pre-configured when the browser is first downloaded. To avoid these types of attacks, experts suggest using a browser without autofill, such as Firefox. If you want to stick with Chrome or Safari, you may want to consider disabling the autofill feature. If you enjoy the convenience of autofill, make sure you only utilize the feature on sites that have been marked as secure. Otherwise, it's advised that you take the time to fill in each field by hand to avoid giving information you don't want to give.

Worried that your sensitive data might be at risk of leaking? Call Info Advantage at (585) 254-8710 today to talk to a security expert about how you can keep your private data safe.
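
The hidden-field trick described in the autofill article above leaves traces in a page's markup that a site owner or reviewer can look for. The following Python sketch is an added example, not code from the original article: it audits form HTML for inputs that ask for sensitive autofill data while being hidden from view. It assumes hiding is done through inline styles or the `hidden` attribute (external stylesheets are not inspected), and `SENSITIVE` is an illustrative subset of standard `autocomplete` tokens.

```python
import re
from html.parser import HTMLParser

# Assumption: a small subset of HTML autocomplete tokens worth flagging.
SENSITIVE = ("cc-number", "cc-exp", "cc-csc", "tel", "street-address", "postal-code")
# Inline-style patterns that take an element out of the user's view.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0(?![.\d])"
    r"|(?:left|top)\s*:\s*-\d{3,}", re.I)
VOID = {"input", "br", "img", "hr", "meta", "link"}  # elements with no end tag

def field_token(attrs):
    """Return the sensitive autofill token a field requests, if any."""
    tokens = set((attrs.get("autocomplete") or "").lower().split())
    tokens.add((attrs.get("name") or "").lower())
    return next((t for t in SENSITIVE if t in tokens), None)

class FormAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []     # one flag per open element: is it hidden inline?
        self.findings = []  # (field name, autofill token) for hidden sensitive inputs

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden = "hidden" in a or bool(HIDDEN_STYLE.search(a.get("style") or ""))
        # type="hidden" inputs are skipped: browsers do not autofill them.
        if tag == "input" and (a.get("type") or "text").lower() != "hidden":
            token = field_token(a)
            if token and (hidden or any(self.stack)):
                self.findings.append((a.get("name"), token))
        if tag not in VOID:
            self.stack.append(hidden)

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

def audit(html):
    parser = FormAudit()
    parser.feed(html)
    return parser.findings

# Constructed sample markup: two visible fields, three hidden ones.
SAMPLE = """<form>
  <input name="name" autocomplete="name">
  <input name="email" autocomplete="email">
  <div style="position:absolute; left:-9999px">
    <input name="phone" autocomplete="tel">
    <input name="card" autocomplete="cc-number">
  </div>
  <input name="zip" autocomplete="postal-code" style="opacity:0">
</form>"""

if __name__ == "__main__":
    for name, token in audit(SAMPLE):
        print(f"hidden field {name!r} requests autofill token {token!r}")
```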