Cybersecurity Roundup Series - December 2019

Cyber safety is more relevant than ever, especially coming off the Holiday season. While more smart home devices like TVs, security cameras, thermostats, and lighting enter our homes, it shouldn’t go without notice that they do provide potential entry points to your network. The past few weeks has brought up alarming cyber security news that we should keep a vigilant eye on and proactively seek ways to stay safe. Our new monthly series will recap the latest cyber security news to help keep you informed, as well as provide tips to help keep you, your family, your network, and your important data safe from potential threats.

FBI Warning About Smart TVs

During Black Friday, Cyber Monday, & the Holidays, deals for TVs were just about everywhere. The convenience with Smart TVs is being able to connect to your home network and stream your favorite apps like Netflix, Hulu, YouTube and Spotify without any additional equipment. Because these Smart TVs are connected to our network and with features like streaming and facial & voice recognition capabilities, the FBI warned consumers of potential intrusion vulnerabilities.

According to the FBI, “At the low end of the risk spectrum, they [Hackers] can change channels, play with the volume, and show your kids inappropriate videos. In a worst-case scenario, they can turn on your bedroom TV's camera and microphone and silently cyberstalk you." Additionally, without extra layers of network security, your Smart TV can provide an easy way in the backdoor through your router.

Here are a few tips that the FBI has laid out to help protect your family from potential intrusion:

• Know exactly what features your TV has and how to control those features. Do a basic Internet search with your model number and the words “microphone,” “camera,” and “privacy.”
• Don’t depend on the default security settings. Change passwords if you can – and know how to turn off the microphones, cameras, and collection of personal information if possible. If you can’t turn them off, consider whether you are willing to take the risk of buying that model or using that service.
• If you can’t turn off a camera but want to, a simple piece of black tape over the camera eye is a back-to-basics option.
• Check the manufacturer’s ability to update your device with security patches. Can they do this? Have they done it in the past?
• Check the privacy policy for the TV manufacturer and the streaming services you use. Confirm what data they collect, how they store that data, and what they do with it.

Securing Your IoT Devices

These days, it seems like every new gadget or device entering our home connects to our network – digital assistants, fitness trackers, refrigerators, light bulbs and more! While IoT devices in our smart home provide a convenience, it should be noted that it doesn’t come without risks. Because of this, the FBI states, “What these all have in common is that they send and receive data. But do you know how that data is collected? And where it is going?”

Also, with more devices on our network, we are essentially providing hackers more potential access points to our router. While devices like smart phones and computers/laptops are able to receive regular updates or have security software added for additional protection, the same can’t be said for IoT devices, which users typically have limited control over software and settings.

Here are some recommendations from the FBI to help build a digital defense:

• Change the device’s factory settings from the default password. A simple Internet search should tell you how—and if you can’t find the information, consider moving on to another product.
• Passwords should be as long as possible and unique for IoT devices.
• Many connected devices are supported by mobile apps on your phone. These apps could be running in the background and using default permissions that you never realized you approved. Know what kind of personal information those apps are collecting and say “no” to privilege requests that don’t make sense.
• Secure your network. Your fridge and your laptop should not be on the same network. Keep your most private, sensitive data on a separate system from your other IoT devices.
• Make sure all your devices are updated regularly. If automatic updates are available for software, hardware, and operating systems, turn them on.

Ring Doorbell and Camera Vulnerability

Consumer Reports reported that 3,000 Ring Doorbell and Camera Accounts may have been exposed online, with Ring strongly urging users to change their passwords and use two-factor authentication for additional security. In the wrong hands, the exposed usernames and passwords could lead to accessing a user’s Ring app, allowing them to view live camera feeds, recordings, and personal info such as phone numbers and addresses. According to Ring, there wasn’t any evidence of compromise of their systems or network and the exposure was likely due to credential stuffing.

Additional Ring news included multiple cases of hackers accessing Ring users’ security systems and attempting to communicate and interact with people in their homes. In an incident that made rounds in the news, an intruder gained access to a family’s Ring camera, getting the attention of an 8-year-old girl in her room by playing music through the camera’s built-in speaker. The hacker began speaking and interacting with the girl, ultimately terrifying her.

In response to this incident, as well as similar incidents that occured, Ring released a statement saying:

“Our security team has investigated this incident and we have no evidence of an unauthorized intrusion or compromise of Ring’s systems or network. Recently, we were made aware of an incident where malicious actors obtained some Ring users’ account credentials (e.g., user name and password) from a separate, external, non-Ring service and reused them to log in to some Ring accounts.”