Getting by in the Internet of Things
What do all these things have in common: Digital assistants, smart watches, fitness trackers, home security devices, thermostats, refrigerators, light bulbs, remote-controlled robots, games and gaming systems, interactive dolls and talking stuffed animals? They all send and receive data. But do you know how that data is collected? Hackers can use these innocent devices to do a virtual drive-by of your digital life, the FBI writes in a recent alert. Unsecured devices can allow hackers a path into your router, giving them access to everything else on your home network that you thought was secure. Here’s how to build a digital defense:
- Change the device’s factory settings from the default password. A simple Internet search should tell you how – and if you can’t find the information, consider moving on to another product.
- Passwords should be as long as possible and unique for IoT devices.
- Many connected devices are supported by mobile apps on your phone. These apps could be running in the background and using default permissions that you never realized you approved. Know what kind of personal information those apps are collecting and say “no” to privilege requests that don’t make sense.
- Secure your network. Your fridge and your laptop should not be on the same network. Keep your most private, sensitive data on a separate system from your other IoT devices.
- Make sure all your devices are updated regularly. If automatic updates are available for software, hardware, and operating systems, turn them on.
If you have been victimized by a cyber fraud, be sure to report it to the FBI’s Internet Crime Complaint Center at ic3.gov or call your local FBI office.
UL rates security of connected devices
How secure are your connected devices? Underwriters Laboratories offers an IoT Security Rating to help you make an educated decision about which devices to use. The security standards come in five tiers: diamond, platinum, gold, silver and bronze, according to CNET. They are given based on seven requirements: software updates, data and cryptography, logical security, system management, customer identifiable data, protocol security, and process and documentation. Each requirement has its own checklist of security practices. For example, to get the bare minimum verification under data and cryptography, your device can’t have default passwords. To get the diamond verification, your device would need to be protected from brute-force attacks – when hackers spam password attempts until the correct one is chosen.
Real-time phishing protection
Google Safe Browsing has helped protect Chrome users from phishing attacks for over 10 years, and now helps protect more than 3 billion devices every day by showing warnings to people before they visit dangerous sites or download dangerous files, reports Google. Safe Browsing has always scanned the web for dangerous sites. But, if a phishing site is created and used for attack moments later, even the quickest scanners can’t warn people fast enough. But from its experience detecting phishing sites, Safe Browsing’s insights can now make predictions about risks in real time, according to the company. Google says it is using its experience detecting phishing sites to test new predictive phishing protections in Chrome. Soon, when users type their Google account password into a suspected phishing site, Google will add additional protections to ensure the account isn’t compromised. Those protections will apply even if you use a different browser afterwards. Google says it plans to expand predictive phishing protection to all other passwords saved in Chrome’s password manager, and enable other apps and browsers that use Safe Browsing technology, like Safari, Firefox and Snapchat, to use it as well.
iPod nostalgia?
If you’ve always wanted an iPod click wheel on your iPhone, a new app is helping to bring Apple’s iconic music player back into the modern touchscreen era, reports The Verge. The app – Rewound – is a basic music player app that’s available in Apple’s App Store. It uses downloadable skins to transform the app into an iPod or more, and it syncs to an Apple Music library. It even includes haptic (i.e., touch) feedback, so it looks and feels like a classic iPod. Rewound’s developer, Louis Anslow of Rethought agency, worked on the app for a year. The idea is to bring back the idea of buttons and the nostalgia of devices like the iPod. “You can program physical appearance of a device,” he says. “It could become anything.”
Hey! I’m talking to you!
When making a FaceTime call, a user naturally wants to look at the screen – at the person they are conversing with. On the other end, the recipient of the call just sees the caller looking down. When the caller looks at the camera, the recipient sees this as the caller looking them in the eye – a much more natural point of view. However, the caller is no longer looking at the recipient on the screen at that point, which means they can only count on their peripheral vision to see the other person’s reactions, rather than a clearer image when viewing normally. With the third beta of iOS 13, Apple has added a new toggle for FaceTime Attention Correction, which aims to make it appear as though you are looking directly at a friend during FaceTime call when you’re actually looking at the screen, reports Apple Insider. It creates a 3D face map and depth map of the user, determines where the eyes are, and adjusts them accordingly. The functionality is limited to the iPhone XS and iPhone XS Max.