It’s just not keeping your passwords or online accounts safe which counts when it comes to best security practices. If the system you’re using itself is compromised, anything else you do is futile. Now, this is not a usual advice post on installing and keeping your antivirus updated (which you must do!). I’ll outline some of the exotic way blackhats (the bad guys) compromise your phones and computers if you leave it lying around.
Notice that I don’t call them “Hackers” since that cover a wide range of folks in the computer domain. There are the good guys called Whitehats who find security holes and reports them so that they are fixed. The bad guys, who use these holes to hack into the systems and steal data, are called Blackhats. Now let’s get back to the topic at hand.
Bad USB Devices
These days even if someone hands me a “free” USB thumb drive or device, I refrain from plugging it into my laptop. What looks like an innocuous-looking flash drive can be used by hackers to compromise your machine and even install software without anyone having to even press a key on the computer.
Blackhats even change the firmware on legitimate USB drives to act maliciously. So any system they’re connected to get infected as well. Once infected, these USB devices cannot be cleaned! They just need to be disposed of.
∅ So unless you buy a sealed box containing the device from a store, please don’t risk plugging it into your system.
Rogue Cables also!
Even USB cables are not safe these days! You just can’t borrow on from a stranger lest you fall for one of these:
A video from a Bay Area hacker, @_MG, shows a specially crafted USB cable which he’s created, can compromise your laptop if the cable is connected. You don’t even need to add an external device to the cable!
HID attacks via USB drives have become too suspicious. What about embedding the attack inside a USB cable?
Just a quick test for a few things I'm hoping to make over the next month. pic.twitter.com/3iNjLqXloW
— MG (@_MG_) January 1, 2018
Juice Jacking your Phone
Your phone’s at 5% charge and you’re at an airport or coffeeshop. You see a bunch of cables at a charging station located there – what do you do? Rush up to it and plug your phone in?
At this point, your phone could be compromised and your data from the phone stolen!
Blackhats usually get access to these stations and add their circuitry to these points so that when a phone is connected to the charging cable, they steal data or install malware on your phone.
This method of hacking phones is Juice Jacking. Since your phone uses the same cable for charging and transferring data, the blackhats’ specially crafted devices can extract data from your phone’s storage, contacts and photos when it’s connected to these stations.
∅ So unless plug in your own charger to a power outlet, do not use these “free” charging outlets. Invest in one of those power bricks if you travel a lot and need to juice up on the road.
∅ If you really must use one of these outlet, power down your phone before plugging it in. This reduces chances of your phone being compromised. Beware some phones automatically power up when connected to a power source.
Yes Lock, Antivirus & Updates
Even though I said I’d gloss over this, here’s a brief footnote that if you still don’t use an antivirus on your machine, go and get a free one and install that at least. Windows, Mac and Android users must have one installed to keep your device safe. Yes, Mac users also need one, you’re not safe from viruses and malware. Also, keep your system secure by installing the latest updates so that any security holes which the company has patched on your device is applied.
If you leave your computer or phone lying around and don’t have a password or pin to unlock it, anyone passing by can open up your device and access your data. It’s akin to leaving your main door to your house unlocked. They can also install malicious software like remote access shells and keyloggers so they can steal information from your system even when they’re away.
∅ Always set your computer to require a password or pin to unlock the system and set the system to ask for this after a period of inactivity.
∅ Set your phone to also require a pin, pattern or biometric method ( fingerprint, face unlock) to unlock the device. This will also keep your data secure if your phone is stolen since the thief won’t be able to unlock it.
Image Credits: USB Drive – Photo by Kaboompics // Karolina from Pexels& Phone Charging by rawpixel.com on Unsplash