Categories
Uncategorized

Amazon Sidewalk

Hello, once again it’s time for Tech News from your Local IT Business Helpful Dave! Where we try to simplify what’s going on in your tech world!

Do you own any Amazon Alexa or Ring devices? If so, you are automatically being opted in to Amazon’s new Network Sharing plan! That’s right, your home network and devices are going to be shared with neighbors and strangers alike. Is it safe and secure? Maybe. Can you opt out? Definitely! But should you? Let’s find out as we take a deeper dive!

Our Tech Terms for this week are:

Sidewalk – this is referring to Amazons new data network

Tile – Not what you put on the floor in your Bathroom. It’s actually small device people attach to items that helps find that item in case it is lost.

—Now onto the news—

Amazon’s Sidewalk program is a new network sharing service that users of Amazon Alexa and some Ring Devices are automatically being opted into. The goal of Sidewalk is to make sure all Amazon devices and Amazon Partner devices (Ring, Tile, etc.) always stay connected to the internet.

How it works is simple. First we have to assume that both you and your neighbor have an Amazon Alexa/Echo or Ring Device.

First the Scary Part:

Now let’s assume your neighbor’s internet goes out but someone is ringing his Ring Video Doorbell.

This is where Amazon Sidewalk will come in.

Your neighbors Device whether it be a light, doorbell, or garage door opener, will connect to your home’s internet and transmit data back and forth to your neighbor’s house. It’s possible that these devices can eventually transmit audio and even possibly video. We know it’s possible because one of the frequencies (900Mhz) is currently being used for radios (walkie talkies) for emergency service (police, fire, etc.).

So here’s the question. How can anyone be sure that your devices aren’t being snooped on when they connect to someone else network? Well Amazon stated they are taking measures to secure the data including multiple layers of encryption. As a matter of fact the way the encryption is setup, according to Amazon, is even Amazon won’t be able to see what you are transmitting back and forth.

However we have all seen large companies get hacked and have data breaches before.

Now the Benefits:

You may be asking, why would anyone WANT to leave Amazon Sidewalk enabled?

That’s because Sidewalk does have some benefits that Amazon is touting.

Remember Tile that we mentioned earlier? If you haven’t heard of it, Tile has been making tags for a long time that help you find things you have lost. You attach the tag to a device and if you ever lose it you can use your smartphone to help you find it again.

The problem is devices like Tile are all very limited by range. With Amazon’s Sidewalk, Tile can now use all of the existing connections in the Sidewalk network so whoever loses and item can find it.

But Dave, you’ll say, I don’t care about helping some guy find his sunglasses! Sure, that’s fine. But according to Amazon they are expanding a lot of their services. They will also be including products that you’ll be able to attach to your dog’s collar, or maybe to an elderly relative’s watch or Life Alert device. So that way if they are lost, they can be located as well through the sidewalk network.

This is why Amazon is opting everyone in automatically without their consent. Amazon’s argument is that in the future it will do more good than harm. Amazon also states that the impact on your home network will be minimal (less than 500MB/half a gigabyte a month).

How do I Opt Out?:

If you own an Alexa Device:
  1. Open the Alexa app
  2. Open More and select Settings.
  3. Select Account Settings.
  4. Select Amazon Sidewalk.
  5. Turn Amazon Sidewalk On or Off for your account.

Amazon Official Instructions:

https://www.amazon.com/gp/help/customer/display.html?nodeId=GZ4VSNFMBDHLRJUK

If you own a Ring Device:
  1. Open your Ring App
  2. Tap the three-lined icon in the upper left-hand corner of the screen.
  3. Tap Control Center.
  4. Tap Sidewalk.
  5. Tap the Sidewalk slider button.
  6. You will see a screen asking you to confirm that you want to disable Sidewalk.
  7. Confirm that you wish to disable Sidewalk.

Ring Official Instructions Below:

https://support.ring.com/hc/en-us/articles/360032524592-Opting-In-and-Out-of-Sidewalk

I hope this information proved helpful to everyone! If you have any questions feel free to contact us!

—Working from Home? Learning from Home? We can help remotely as well!—

We have the capability to connect into your PC remotely as long as you can still get on the internet. Feel free to shoot us a message or provide a phone call and we will do our best to assist you!

Please feel free to let me know if you have any questions or comments or want more information.

Thanks and have a good week!

-Helpful Dave

Categories
Uncategorized

ParkMobile Breach

Tech News from Helpful Dave!

Hello, once again it’s time for Tech News from Helpful Dave!

Do you use an ParkMobile to pay your parking meter in Bloomfield? They were recently the victim of a breach and your data was possibly leaked. Are your passwords safe? We’ll talk about that in this update!

Our Tech Terms for this week are:

Hash and Salt: Sound delicious, but they are actually about passwords! Just like any good dish you cook up make sure companies are adding salt to your passwords!

RAINBOW Table: Not just for show, it’s used to steal your password!

—Now onto the news—

ParkMobile data was breached last month and they released a statement that reads:

“Our investigation concluded that encrypted passwords, but not the encryption keys needed to read them, were accessed. While we protect user passwords by encrypting them with advanced hashing and salting technologies, as an added precaution, users may consider changing their passwords in the “Settings” section of [your account].”

So why, if your password was protected against with hashing and salting, do they still recommend you change your password? That’s because these techniques, just like any sort of protection, are not completely foolproof.

Originally a lot of companies stored passwords in plain text format. This means that if your password was “ilovebloomfield” it was stored just like that in the database. So, if someone managed to hack into a company that you had a username and password with, and get that database, they’ve got your password.

So, companies started to modify your password by hashing it. To explain it easily, it’s like taking your password and applying some math to it to change it.

For example: if your password was ilovebloomfield, after we apply hashing your password becomes d53154d85e1907918d923642d039015a.

Companies store the hash instead of your password. That way if the company every gets hacked and the password database stolen, they don’t have your password.

However, as some of you may have figured out, if I know what ilovebloomfield looks like after its hashed, can’t I just figure out what everything else is as well? The answer is yes! Hackers eventually came up with that idea and its commonly referred to as a Rainbow Table (sounds fun but it’s not). The idea is to make a huge table consisting common hashing techniques and common passwords like password1234, letmein, and ilovebloomfield (of course). Then they could just compare the database they stole to their table and figure out everyone’s password.

Now to a lot of people’s favorite parts, favored by chefs, people who love pretzels, and sophisticated cybersecurity experts, SALT.

Adding a Salt to your password is just another extra flavor that helps keep your password safe. It adds a bit more randomness by adding some extra characters to your password. This thwarts many of the common and faster attack techniques. However just like any good cook you have to keep your salt somewhere close by.

The Salt here is created by the company so they need to keep the formula for it somewhere close by so when you try to login the company can look at the Salt as well to make sure your password matches.

Realistically, Hashing and Salting your passwords, just like any form of security, is only as good as the company doing it. These techniques are really to buy time for you to change your password while the hackers are decrypting that stolen database.

Our Recommendation:

We strongly recommend you use a different password for every website and app based two factor authentication.

Managing a lot of different passwords can be a hassle so we recommend our clients use LastPass to help them manage all of their passwords in one place.

Check out LastPass here:

https://lastpass.wo8g.net/mmnzX – This is an affiliate link, if you sign up using this link we receive a commission.

—Working from Home? Learning from Home? We can help remotely as well!—

We have the capability to connect into your PC remotely as long as you can still get on the internet. Feel free to shoot us a message or provide a phone call and we will do our best to assist you!

Please feel free to let me know if you have any questions or comments or want more information.

Thanks and have a good week!

-Helpful Dave

Categories
Health Security Updates

Trojans and Privacy

Weekly Tech News from Helpful Dave!

Hello, once again its time for Weekly Tech News from Helpful Dave!

This week is going to be brief. I know this is impacting our local community as much as myself so I still wanted to get an update out there! If you’re working from home I have tips in here for you as well so read on!

Our Tech Terms for this week are:

Trojan: This is a piece of software/app that is disguised as something useful but is actually Malware that will either damage your electronics or steal your information!

—Now onto the news—

The Trojans are coming!

Firstly a warning about Corona virus app based scams. I know many of us are scared and want to have more access to information and the bad guys know that as well! I’ve seen reports of apps that disguise themselves as Corona virus trackers. These apps will tell you that they provide real time GPS updates as people in your area become infected so you know what areas of your local neighborhoods to avoid.

Please remember that local officials normally do not release names or locations of people who become infected for everyone’s safety. So if an app is promising you information that nobody else seems to have, its probably a Trojan!

—Private Messages are not always private!—

It’s only natural for water cooler talk and general socializing to continue as people shift to work from home. If your company or school set you up with software so you can communicate directly with your co-workers please remember that those conversations do not come with any promise of privacy!

In general unless you are texting someone directly over the phone you should always assume someone can read what you are saying. Especially if someone else is providing the software you communicate on since you are there employee!

—Working from Home? Learning from Home? We can help remotely as well!—

We have the capability to connect into your PC remotely as long as you can still get on the internet. Feel free to shoot us a message or provide a phone call and we will do our best to assist you!

Please feel free to let me know if you have any questions or comments or want more information.

Thanks and have a good week!

-Helpful Dave

Categories
Health

Sanitizing your Electronics

Weekly Tech News from Helpful Dave!

Hello, once again it’s time for Weekly Tech News from Helpful Dave!

This week we’ll be discussing something everyone should know: How to sanitize their cellphones and other electronics!

Our Tech Terms for this week are:

Oleophobic Coating: This is a kind of coating that is on most modern cellphones that repels fingerprints and smudges.

Now onto the news

First we have to understand how to properly sanitize our electronics. Let’s talk about the difference between cleaning and disinfecting. I’ll quote the CDC directly:

“Cleaning removes germs, dirt, and impurities from surfaces or objects. Cleaning works by using soap (or detergent) and water to physically remove germs from surfaces. This process does not necessarily kill germs, but by removing them, it lowers their numbers and the risk of spreading infection.

Disinfecting kills germs on surfaces or objects. Disinfecting works by using chemicals to kill germs on surfaces or objects. This process does not necessarily clean dirty surfaces or remove germs, but by killing germs on a surface after cleaning, it can further lower the risk of spreading infection.”

Why is this important? Because you really need to do both cleaning and disinfecting to kill the germs on your device.

Let’s talk about cleaning your cellphone first.

1. Take your case off: (NOTE: You should check with your case manufacturer for proper cleaning methods, but the following steps are normally fine) The cases should be removed and cleaned separately for two reasons. First it helps you avoid damage to your cellphone and second because dirt and debris can get stuck inside the case under your phone.

The easiest way to clean your case is just to use some warm soapy water. Give it a dunk and use a sponge but not a scrub with anything harsh. Give it a good rinse to get all the soap water off and then let it all the water dry out.

2. Clean your phone: Do not use just any product to clean your cellphone. Most modern cellphones have an oleophobic coating on the front that keeps it from showing finger prints and oils that would come from your hand. This coating makes it easier to see your screen when you want to use it. If you use a harsh chemical you will erode and eventually destroy that coating making your cellphone harder to use.

There are two methods to safely clean your cellphone. Personally, I like to use Microfiber cloths and some cleaning solution. You spray the cleaning solution onto the cloth and then wipe down your phone. However, if you want an all in one solution you can find pre-moistened wipes for your phone that you throw away after each use.

3. Disinfect your phone: This one is a lot trickier because there isn’t really a reliable way to disinfect your phone because most disinfectants rely on harsh chemicals. Those harsh chemicals are the only thing to my knowledge that can kill the coronavirus.

Apple recently made a statement that some chemical cleaners that a 70 percent isopropyl alcohol wipe or Clorox Disinfecting Wipe is safe. I’ll link their full statement at the end of the article. Android phone manufacturers have not made any comments on what they consider to be a safe chemical cleaning method.

The only other alternative in this area is UV Light which kills many germs. Once again though this method has not been tested specifically against the Coronavirus so there are no guarantees this will work. Some UV cleaners come in a wand that you wave over your devices and there are some that are like cases. Personally, I prefer the case because you enclose your phone inside of it ensuring good coverage of the UV light.

After you’ve followed all these steps double check to make sure your case is dry put it back on and you are all set!

Please feel free to let me know if you have any questions or comments or want more information.

Thanks for reading this everyone. I hope you all have a safe and healthy week! My sources and some links to products are below.

-Helpful Dave

CDC: https://www.cdc.gov/flu/school/cleaning.htm

How to clean your Apple Products: https://support.apple.com/en-us/HT204172?mod=article_inline

Please note these store links are affiliate links and we will generate revenue if you purchase the items.

Microfiber cloths: https://amzn.to/3b4eJmo

Cleaning Solution: https://amzn.to/2xM8MfH

Cellphone Wipes: https://amzn.to/2Ql1QML

UV Cleaner: https://amzn.to/38R4Ffa

Categories
Security Updates

Android Bluetooth Vulnerability

Weekly Tech News from Helpful Dave!

Hello, once again its time for Weekly Tech News from Helpful Dave!

This week I’ll be picking on your cellphone again, but only for Android users. So if you have an iPhone feel free to breathe a sigh of relief because you are safe!

Our Tech Terms for this week are:

Bluetooth: If you don’t already know Bluetooth is a means of wirelessly connecting two devices. The most common uses are when you connect your phone to your car, headphones, or headset. Bluetooth also allows you to share files between devices as well, which is how your car can see who is calling when the contact is on your phone.

Bluetooth Pairing: This is how two devices agree to communicate with each other. Lets use a small example on what it would look like to pair a phone to a car’s entertainment system.

1. Go to your car and find the Bluetooth settings

2. Tell your car you want to add a new phone

3. Go to your phone and then open your Bluetooth settings

4. Tell your phone you want to add a new device

5. Find your car from the list of available devices and select it

6. You are normally asked to enter a PIN Code that is displayed on the screen in your car to confirm

7. Your phone will ask you if you also want to share contacts with your car

8. Once accepted your phone is now permanently paired to that car until you unpair it or the settings are reset on the car’s entertainment system

Now onto the news

This exploit actually bypasses the Bluetooth pairing process completely. All that needs to happen is a hacker needs to be within close proximity to your cellphone and they can possibly execute code remotely. You will not be asked to pair your phone, you will not receive any notification, it will just happen!

Once the hacker has control over your Bluetooth they can perform any actions that Bluetooth is allowed to perform. This includes possibly steal your data, files, and even spread malware to other devices your phone is connected to!

To make problems worse not all phones will receive updates to fix this issue The reason being is manufacturers generally only provide security updates for your phone for three years from when the phone was first released. So if your phone is three years old or more you probably will not receive this update.

How do I know if my phone is vulnerable?

Your phone is vulnerable if you are running the following Android Versions and do not have the February Security Update from Google.

Android 8 also known as Android Oreo

Android 9 also known as Android Pie

Android 10 – the vulnerability is not as bad but you should still update your firmware.

If you are running a version older than 8 its possible you will be affected as well. The researchers have not done any research into that area since those phones are much older.

How to tell if you have the latest Android Security Patch?

The steps are different for some phones. In general you want to do the following steps:

1. Go into your Settings app

2. Go into System, then Advanced, then System Update

3. You’ll be able to see your Android Version and Security Patch in here

If February 2020 or later you are safe!

How can you keep yourself safe?
Here are Helpful Dave’s Tips!

DO: Always apply Security Updates when they are presented to you from your carrier or the Google Play store.

DON’T: Keep using Android Phones older than 3 years without checking your security version.

Please feel free to let us know if you have any questions or comments or want more information.

Thanks and have a good week!

-Helpful Dave

Categories
Security Updates

SIM Swap Attack

Weekly Tech News from Helpful Dave!

For this week I wanted to talk about the latest way criminals can steal your information.

It has something to do with your cellphone, but guess what? It’s not your fault! You didn’t download a bad app, or go to a bad website, or get phished via an e-mail. As a matter of fact if you have Two Factor Authentication setup via text message this attack actually allows criminals to bypass that too! Here’s where the kicker is, the person(s) responsible for giving away your personal information is actually your Carrier!

This article is going to have Tech Terms which are SIM Cards and Two Factor Authentication. If you don’t know what those are here is a primer:

—Tech Terms—

SIM card: The SIM card is how your mobile phone carrier (Verizon, T-Mobile, etc) knows where to direct all of your phone calls and text messages. Its normally a small physical card that is placed into your phone.

Two Factor Authentication: When you receive a text message or e-mail with a code to verify who you are when you try to login to certain websites or apps.

—Back to the News—

Recently a study was done by researchers at Princeton University and they used Verizon Wireless, T-Mobile, AT&T, Trafcone US, and US Mobile to learn how easy it would be to get them to send someone else’s SIM card to a would be criminal.

The attack works by tricking your cell phone carrier into sending the criminal a “replacement” SIM card that you never lost! Once a criminal gets your SIM card they can make and receive phone calls and texts with your number!

So here’s one way that it works:

The criminal first calls your cell phone carrier

Criminal: Yes, I need another SIM card.
Carrier: Okay I need your PIN number please.
Criminal: (Provides the wrong PIN number).
Carrier: That’s not correct.
Criminal: I’m so sorry I must’ve forgotten.
Carrier: No problem we can authenticate another way, can I please have….

Here’s where it gets tricky. Here’s a small list of what some providers ask for.

1. Full Name and Address: This information is easy to get. Someone can either find a nice house, walk up and grab a bill from the mailbox and now they have the full information. If they are in luck they can even grab your cell phone bill from the box as well. If they don’t know your carrier right away, they can just call all of them one at a time to see which one of them is correct.

2. Recent Numbers Dialed: Your carrier will ask the criminal for the last two numbers dialed or received in your phone log. This one people think is a bit trickier because how would the criminal know the last two numbers in my phone? Well its simple! They can call you and leave a message and if you call them back now they have the last two numbers!

How about this one as well, you are at large social gathering at a bar, restaurant, or maybe someone’s house that you know. Someone walks up to you and says “I lost my phone, can you do me a favor and call it?” All they need to do is have you do that twice and they have the last two numbers as well!

The most important thing to remember is your carrier doesn’t have a way of denying service to these criminals who continue to call. They might not have all the right information the first time they call up, but sometimes your provider actually gives up some of that information on the call! The criminal simply has to be persistent enough to continue calling and they can unfortunately sometimes find a way in!

How can you keep yourself safe? Here are Helpful Dave’s Tips!

DON’T: Use Two Factor TEXT based Authentication. Once a criminal has your SIM card they will be be able to receive text messages intended for you!

INSTEAD: Use an App Based Mobile Authenticator like Last Pass (http://www.lastpass.com), Google Authenticator, or Authy. An App Based Mobile Authenticator as the name suggests is actually an App installed on your phone. So even if a Criminal gets your SIM card they still can’t get access to your Two Factor codes because they are installed on your phone!

Our personal recommendation is Last Pass as it offers many more tools that include secure password storage, and an automatic password generator so you never have to think of a password again.

Here is a link to the study from Princeton: https://www.issms2fasecure.com/assets/sim_swaps-01-10-2020.pdf

I hope this article proved informative and helpful to everyone! If anyone has any questions or has a news tip and want me to do a dive into it feel free to suggest in the comments below! If you want to stay up to date on Helpful Tech News please stay tuned for more!

If you liked the article and want to support us please use our affiliate link for Last Pass as we earn a commission if you sign up: https://lastpass.wo8g.net/mmnzX

Categories
Security Updates

New Windows 7 Exploit Revealed

Still running Windows 7 in your Home or Business? Microsoft recently announced another vulnerability that can be executed simply by visiting a website.

We can help provide solutions Windows 7 to make it more secure, or upgrade to Windows 10! Contact us for more information.

Microsoft Update:
https://portal.msrc.microsoft.com/…/secu…/advisory/ADV200001