Wipe Electronics before Tossing Them

Nice idea, this. Found in the parking lot of a gas station.

But, of these 7 computers… I’d guess only 30% have been wiped.

Before it leaves your control, clear it all…

… your phone before sending it for service, hard drives before Goodwill, your phone before exiting the rental car…

If I were a desperate poor person without morals, this bin would be my start into the blackmail business. And if that occurred to me, someone’s actually doing it.

 

Leave NFC turned OFF

NFC – Near Field Communication – passing files between two devices, without touching, using radio frequencies.

That Samsung TV ad, where the friends exchange a music file by passing their phones near one another, but not touching… that’s NFC. Or, how you scan your Visa “tap to pay”… the Visa machine reads an RFID chip (radio frequency identification)… that’s NFC.

Leave NFC turned OFF to prevent an attack.

Attack example 1: I “bump into you” on the street, you have NFC on, now I have established a connection with your phone, from there it’s dealer’s choice (see also “subway attack”).

Attack example 2: an NFC reader is hidden beneath a chair cushion.

The attack:

– target sits on chair
– the credit card in his back pocket is scanned
– attacker now has credit card number & expiry date, and first and last name  (that’s what is edited out below)

The defence:

Leave NFC off, and use an RFID shielding sleeve / wallet for your credit cards.

 

Good to Meet You, SecTor

I’m Keri.

I run this blog, and am a full-time auto journalist with Sun Media; news, reviews, and a weekly column called ‘Keri On Driving’, where I get to say whatever I want for 300 words.


I’ve combined the worlds a few times, columns that may interest you include:

– Let’s go War Driving – here
– Securing your Car in the City – here
– Computers in Cars – here
– Your Car can be Hacked, but Not Really – here
– Stick Families are a Terrible Idea – here
– and maybe this post – Went Armoured Car Shopping

If we’ve met before, I’ve probably said the same thing that I’ll say again now:

I am way beneath you in skills; a script kiddie at best.

This is likely why you’ve never come across the Security category of my blog; it’s better suited to like, your relatives.

– How to change your Router Password – here
– Don’t Name your Phone your Name – here
– Most Common iPhone Passwords – here
– My blog being spidered looks like this – here
– You’re responsible for Hotspot users – here
– Your screen can be seen 20 feet Away – here

There’s a hole in the internet for end-user security stuff, so that’s the goal here.

Plus fun videos:

Smarten Up, Internet – for the housewives of Iowa

Please don’t hack me. It wouldn’t be much of a challenge even, plus, same team guys.

Look forward to seeing some old faces and meeting new ones, and am always up for car talk (was in Kentucky last week with the new Buick Regal, and… it’s cool,  I know?!; Audi and VW are my benchmarks, because minimal; I own a ’99 Jetta that’s a lunch box, last week got to drive with Ken Block in his Fiesta; and if you’d like to talk about hacking a car, I would too).

Twitter – @KeriBlog
FB – ugh, almost never
Email – Keri AT KB dot com

PS – this blog design is new, that’s why the broken links and “placeholders”.  Back up and running soon enough, until then sorry.

 

 

Not that Silk Road, that's Why it's Funny

Because “Silk Road” is a black marketplace – buy items I wouldn’t want to be in Google for, using bitcoin (BTC) currency, and located on the Deep Web.

So ya, they’re not handing out these sticky-note ad specs.

I got this at a conference, and when I explained to the guy why I started laughing when he handed it to me, he was not as amused.

Be careful if you go searching. The above link leads to Wikipedia, and that’s as far as I’ll go; I’d never let this computer touch that place.

Click that ‘deep web‘ link though, that’s neat.

 

This Robot is Brute-Forcing an iPhone

The robot will try all possible 4-digit passwords on an iPhone.

Seen at Black Hat 2013.

Best Use I Can See

It’s not elegant, but it would work. Grab a phone off the street, return to a secure location, put it under the robot, wait.

You’d need a location though, and time. And it’d be a targeted attack; you’d be after the information on the phone, not the phone itself. Otherwise, just wipe it.

Defences

– turn OFF simple passcode. Then you can have a longer passcode, with alphanumeric characters
– turn ON “after 10 failed password attempts this iPhone will wipe itself”
– don’t use any of these – Most Common iPhone Passwords
– hang onto your phone tight, but not like this

Sorry, that’s all I know; saw it en route to the car hacking talk.

So if this robot belongs to you, email me and I’ll link you up, and any explanation you’d like to add.
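
Why the first two defences above work, as an added example (not part of the original post, and not Apple's code): a toy lock screen with an optional wipe-after-N-failures setting, plus a search that enters every 4-digit code in order the way the robot does. The class, function names and sample passcodes are all made up for illustration.

```python
import itertools
import string


class PasscodeLock:
    """Toy model of a phone lock screen (hypothetical, for illustration)."""

    def __init__(self, passcode, wipe_after=None):
        self._passcode = passcode
        self.wipe_after = wipe_after  # None = "wipe after failed attempts" is OFF
        self.failed = 0
        self.wiped = False
        self.unlocked = False

    def try_code(self, guess):
        # Once wiped or unlocked, further guesses change nothing.
        if self.wiped or self.unlocked:
            return self.unlocked
        if guess == self._passcode:
            self.unlocked = True
            return True
        self.failed += 1
        if self.wipe_after is not None and self.failed >= self.wipe_after:
            self.wiped = True  # data is gone; nothing left to unlock
        return False


def exhaustive_search(lock, alphabet=string.digits, length=4):
    """Enter every code of the given length in order: 0000, 0001, ...
    Returns (outcome, attempts_used)."""
    attempts = 0
    for combo in itertools.product(alphabet, repeat=length):
        attempts += 1
        if lock.try_code("".join(combo)):
            return "unlocked", attempts
        if lock.wiped:
            return "wiped", attempts
    return "exhausted", attempts


def keyspace(alphabet_size, length):
    """Number of possible passcodes for a given alphabet and length."""
    return alphabet_size ** length
```

With the wipe setting off, any 4-digit code falls within 10,000 tries; with it on, the search only wins if the code happens to be among the first 10 guesses, which is why the "most common passwords" list matters too.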