Press "Enter" to skip to content

Posts published in “Bluetooth”

Bluetooth Users: Beware of Bluesnarfing!

0

Do you enable Bluetooth on your phone, tablet, or mobile devices? If the answer is yes, you might want to reconsider (like me)!

Yesterday, I was the unlucky receiver of a rare (but not unusual) cyberattack: an attack to phish data with enabled Bluetooth! Picture this: While in my car using Bluetooth listening to music on my iPhone (my Android phone's Bluetooth was also enabled), I suddenly noticed something or someone trying to enter passwords to log in to my phones! At first, I thought I accidentally activated the login screen, but after a few minutes of studying what was going on, it was evident that someone was trying to access my phones’ data. I literally could see someone trying to enter a password on the login screen and then all of a sudden receive a failed attempt message (which also appeared on my screen). Whoever it was – kept doing it – untill I finally shut off the Bluetooth in my car, on the phones, and changed passwords.

After conducting some research, I discovered that cybercriminals within Bluetooth range are using Bluetooth as a tool to collect victim's personal data, called Bluesnarfing. They do this through a piece of software that enables them to download photos, text messages, music, passwords, and even confidential information like your banking records.

These types of attacks happen more than people realize and too many are unaware. With the confidential data that passes through or is stored on lawyers' devices, it is important that we all take precautionary measures. Regardless of which device you own, here are a couple of important tips to remember:

  1. Only use Bluetooth when absolutely necessary and only use public Wi-Fi with a reliable VPN. Turn Bluetooth and Wi-Fi off when you are not using them (althought it is always best not to use public Wi-Fi).
  2. Keep your device's software, apps, and operating system up to date. Allow automatic updates by the maker. If there are apps or programs you are no longer using - properly delete them.
  3. If you can, regularly check the internet to see if there are any important security/privacy settings you should change (view these setting updates for iPhone/iPad users and these setting updates for Android phone/tablet users)
  4. Change passwords / passcodes on a regular basis. Remember security experts now say it is better to have a longer password than it is to have a complicated password. (Hint: Set passwords to favorite sentences, phrases, songs, movie lines, etc. that no one else would know - although sentences of random words you can remember work best.) If your phone does not allow you to change passcodes (numbers) to long passwords, regularly change and reset your passcode on a weekly basis (or everytime you active public Wi-Fi or Bluetooth) and make it longer than 4 digits.
  5. When safe, always keep your devices in plain view sight and within your hand’s reach.
  6. Avoid storing information like passwords, banking information, and highly sensitive data on your devices. Use a password vault instead.

Follow SC Bar PMAP for further updates and if you see any articles or blog posts on this issue elsewhere, please email me at eworley@scbar.org .

Public Wi-Fi Users Beware!

0

Several weeks ago at the 30th anniversary of ABA TECHSHOW, security experts firmly warned attendees about the dangers of using public Wi-Fi (not to mention several other security topics). The experts stated that while they knew many users in the room were aware of the risks associated with it, users utilized it anyway, because of the convenience, cost (it's cheap=free), and mindset that they would only be on it for a short period of time (short time = data won't get compromised/stolen).

Various experts stated that while the hotel WiFi appeared to be safe, users were taking a huge risk by being on any form of public Wi-Fi, regardless of location or credibility. Security experts proved their case by using many different examples of how devices/data could be compromised on a public Wi-Fi network with just a little bit of knowledge or tech savvy and a few tools. The results? Over and over, it was shown how public wi-fi in places like hotels, airports, restaurants, etc., makes a perfect target for malicious hackers to tap into a world of free roaming data.

The common question being, what should a user do when he or she is on the road and in need of an internet connection or the equivalent form of WiFi? What forms of remote access besides public WiFi are out there?

The tips from the experts:

  1. Turn off all public Wi-Fi. (For that matter, don't use WiFi altogether unless it is your own private Wi-Fi network (and even then, be sure your own private Wi-Fi network is secure as private does not always mean secure)).
  2. Don't use any open Wi-Fi networks unless it is a WPA 2 encrypted network with a password. (Click here to find out how to tell on a Windows or Mac Computer). Note that if you do use or have a WPA 2 connection, your data may not be secure. Consider using a WPA 2 Enterprise connection (WPA-ENT) instead of a WPA2-Personal (WPA-PSK) connection.
  3. Make sure all website URLS (especially those that you have to enter any kind of payment information (like credit or debit cards) or sensitive data, etc.) contain HTTPS (to show it is a secured connection) and not HTTP. Utilize HTTPS Everywhere (plug-in for Firefox and Chrome browsers to make sure websites only go to an HTTPS connection).
  4. Set up and use a virtual private network or VPN (Note: unless you are very tech savvy and have set up a VPN before, you probably want to hire an IT consultant to help you set up the VPN initially to make sure it is set up correctly and is secure)
    1. Possible hardware/software options:
      1. iTwin Connect (hardware device)
      2. TunnelBear
      3. ExpressVPN
      4. VPN4ALL
      5. VyprVPN
      6. Open VPN
    2. Or check out this list provided by John Simek of Sensei Enterprises to decide which VPN is right for you
  5. Set up and use a hotspot (if you are unable to use a VPN). There are different kinds of hotspots - you can purchase a mobile mi-fi hotspot device from your cellular carrier, or you can use your cell phone as your mobile hotspot (extra data charges may apply). Check out this article from PCAdvisor on how to use your smartphone as a hotspot.
  6. Make sure your security software is up to date and turned on. If you are on a shared wireless network, make sure your firewall software is turned on and up to date. Make sure network sharing is turned off if you are on a shared or public network.
  7. Use two-factor authentication for websites who give you that option

For more information, see this Attorney at Work post on the dangers of public Wi-Fi. The key for law firms is education. Don't be an ostrich and bury your head in the sand. You owe it your clients and yourself.

Written by: Emily Worley, PMAP Assistant

Edited by: Courtney Kennaday, Director, PMAP

South Carolina Bar