Your Screen can be Seen from Far Away

Like the 2nd floor of a mall.

What about using a real camera, instead of a phone?

And you know how, while typing, the letters get larger?

The Attack

HD video camera > zoom > record > play it back slowly > get password

The Defence

Back to the wall when entering passwords, and look up first; everyone forgets to look up.

 

 

Never Connect your Car’s WiFi to a Public Network

Starting this 2015 model year, cars will come equipped with internet and WiFi capabilities.

Here I am sitting outside a friend’s house in suburbia; I could connect to the houses around me.

You’ll soon be connecting your car to your home network to update it. Only ever connect your car to a known, safe network, like your home, and never a public network, like a coffee shop.

* = password

The Attack

You connect the car via a coffee shop > an attacker inside has MITM’d the connection > now all internet traffic runs through his computer first, before going to the internet

The Defence

Connect only to a network you fully control, like your home.

While this is unlikely to happen…

… that’s only for now. While car hacking is still in its infancy, now is the time to form good habits, because it only takes one connection, one time, to tank it all.

(see: ‘Keri on Driving’ column Dispelling Car Hacking Fears, and the lead press piece I wrote for last year’s SecTor Security Conference)

***

Further reading:

– how to secure your car’s internet connection

– my column: WiFi HotSpots are coming to Cars

– what is a MITM attack

– general WiFi security 

 

 

What 1 Google Search Reveals

1 – where you’re visiting
2 – on which browser
3 – date and time

#3 reveals the most information. Because 1 visit to 1 website, meh. But the patterns that emerge from watching someone’s traffic can reveal a lot.

Examples:

– multiple daily visits to the same Facebook page = the person is obsessed with someone

– repeat visits to Tumblrs featuring X type of content = the person has a fixation for X

– visits to websites detailing how to covertly do X = the person potentially has nefarious plans to execute X attack

* – that’s the cookie / tracking code that follows you around the internet, monitoring where you’re going

***

The above photo was taken during December’s TASK meeting (Toronto Area Security Klatch), specifically during Lee Brotherston’s talk about his ISP deliberately MiTM’ing his connection.

The ending was the best part, because it was so refreshingly honest. Here’s his slide deck.