
Trojans and Privacy

Weekly Tech News from Helpful Dave!

Hello, once again it’s time for Weekly Tech News from Helpful Dave!

This week is going to be brief. I know this is impacting our local community as much as myself so I still wanted to get an update out there! If you’re working from home I have tips in here for you as well so read on!

Our Tech Terms for this week are:

Trojan: A piece of software or an app that is disguised as something useful but is actually malware that will either damage your electronics or steal your information!

—Now onto the news—

The Trojans are coming!

First, a warning about coronavirus app-based scams. I know many of us are scared and want to have more access to information, and the bad guys know that as well! I’ve seen reports of apps that disguise themselves as coronavirus trackers. These apps will tell you that they provide real-time GPS updates as people in your area become infected so you know what areas of your local neighborhoods to avoid.

Please remember that local officials normally do not release names or locations of people who become infected, for everyone’s safety. So if an app is promising you information that nobody else seems to have, it’s probably a Trojan!

—Private Messages are not always private!—

It’s only natural for water cooler talk and general socializing to continue as people shift to working from home. If your company or school set you up with software so you can communicate directly with your co-workers, please remember that those conversations do not come with any promise of privacy!

In general, unless you are texting someone directly over the phone, you should always assume someone can read what you are saying. This is especially true if someone else is providing the software you communicate on, since you are their employee!

—Working from Home? Learning from Home? We can help remotely as well!—

We have the capability to connect to your PC remotely as long as you can still get on the internet. Feel free to shoot us a message or give us a call and we will do our best to assist you!

Please feel free to let me know if you have any questions or comments or want more information.

Thanks and have a good week!

-Helpful Dave


Android Bluetooth Vulnerability

Weekly Tech News from Helpful Dave!

Hello, once again it’s time for Weekly Tech News from Helpful Dave!

This week I’ll be picking on your cellphone again, but only for Android users. So if you have an iPhone feel free to breathe a sigh of relief because you are safe!

Our Tech Terms for this week are:

Bluetooth: If you don’t already know, Bluetooth is a means of wirelessly connecting two devices. The most common uses are when you connect your phone to your car, headphones, or headset. Bluetooth also allows you to share files between devices, which is how your car can see who is calling when the contact is on your phone.

Bluetooth Pairing: This is how two devices agree to communicate with each other. Let’s use a small example of what it would look like to pair a phone to a car’s entertainment system.

1. Go to your car and find the Bluetooth settings

2. Tell your car you want to add a new phone

3. Go to your phone and then open your Bluetooth settings

4. Tell your phone you want to add a new device

5. Find your car from the list of available devices and select it

6. You are normally asked to enter a PIN Code that is displayed on the screen in your car to confirm

7. Your phone will ask you if you also want to share contacts with your car

8. Once accepted your phone is now permanently paired to that car until you unpair it or the settings are reset on the car’s entertainment system

Now onto the news

This exploit actually bypasses the Bluetooth pairing process completely. All that needs to happen is for a hacker to be within close proximity to your cellphone, and they can possibly execute code remotely. You will not be asked to pair your phone, you will not receive any notification, it will just happen!

Once the hacker has control over your Bluetooth they can perform any actions that Bluetooth is allowed to perform. This includes possibly stealing your data and files, and even spreading malware to other devices your phone is connected to!

To make problems worse, not all phones will receive updates to fix this issue. The reason is that manufacturers generally only provide security updates for your phone for three years from when the phone was first released. So if your phone is three years old or more you probably will not receive this update.

How do I know if my phone is vulnerable?

Your phone is vulnerable if you are running the following Android Versions and do not have the February Security Update from Google.

Android 8 also known as Android Oreo

Android 9 also known as Android Pie

Android 10 – the vulnerability is not as bad but you should still update your firmware.

If you are running a version older than 8, it’s possible you will be affected as well. The researchers have not done any research into that area since those phones are much older.

How to tell if you have the latest Android Security Patch?

The steps are different for some phones. In general you want to do the following steps:

1. Go into your Settings app

2. Go into System, then Advanced, then System Update

3. You’ll be able to see your Android Version and Security Patch in here

If the Security Patch shown is February 2020 or later, you are safe!
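For anyone checking several phones at once, the same two values can be read over USB with `adb shell getprop` and compared against the criteria above. This is an added example, not part of the original post; the sample dumps are constructed, the verdict strings are illustrative, and "February 2020 or later" is assumed to mean a patch level of 2020-02-01 or newer.

```python
import re
from datetime import date

# Threshold taken from the post: "February 2020 or later" (assumed to mean 2020-02-01).
FIXED_PATCH_LEVEL = date(2020, 2, 1)
PROP_LINE = re.compile(r"^\[([^\]]+)\]: \[([^\]]*)\]$")


def parse_getprop(dump):
    """Parse `adb shell getprop` output, one `[key]: [value]` pair per line."""
    props = {}
    for line in dump.splitlines():
        match = PROP_LINE.match(line.strip())
        if match:
            props[match.group(1)] = match.group(2)
    return props


def assess(props):
    """Classify a device using only the criteria stated in the post."""
    try:
        major = int(props.get("ro.build.version.release", "").split(".")[0])
        patch = date.fromisoformat(props.get("ro.build.version.security_patch", ""))
    except ValueError:
        return "unknown"  # property missing or malformed
    if patch >= FIXED_PATCH_LEVEL:
        return "patched"
    if major in (8, 9):
        return "vulnerable"
    if major == 10:
        return "less severe, still update"
    if major < 8:
        return "possibly affected"  # older releases were not researched
    return "unknown"


def _dump(release, patch):
    """Build a constructed two-line getprop dump (not from a real device)."""
    return (f"[ro.build.version.release]: [{release}]\n"
            f"[ro.build.version.security_patch]: [{patch}]\n")


SAMPLE_DUMPS = {"phone-a": _dump("9", "2019-11-05"), "phone-b": _dump("8.1.0", "2020-02-05"),
                "phone-c": _dump("10", "2020-01-01"), "phone-d": _dump("7.1.2", "2018-06-01"),
                "phone-e": "[ro.build.version.release]: [9]\n"}  # patch level missing

if __name__ == "__main__":
    for name, text in SAMPLE_DUMPS.items():
        print(name, assess(parse_getprop(text)))
```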

How can you keep yourself safe?
Here are Helpful Dave’s Tips!

DO: Always apply Security Updates when they are presented to you from your carrier or the Google Play store.

DON’T: Keep using Android Phones older than 3 years without checking your security version.

Please feel free to let us know if you have any questions or comments or want more information.

Thanks and have a good week!

-Helpful Dave


SIM Swap Attack

Weekly Tech News from Helpful Dave!

For this week I wanted to talk about the latest way criminals can steal your information.

It has something to do with your cellphone, but guess what? It’s not your fault! You didn’t download a bad app, or go to a bad website, or get phished via an e-mail. As a matter of fact, if you have Two Factor Authentication set up via text message, this attack actually allows criminals to bypass that too! Here’s the kicker: the one responsible for giving away your personal information is actually your carrier!

This article is going to have Tech Terms which are SIM Cards and Two Factor Authentication. If you don’t know what those are here is a primer:

—Tech Terms—

SIM card: The SIM card is how your mobile phone carrier (Verizon, T-Mobile, etc.) knows where to direct all of your phone calls and text messages. It’s normally a small physical card that is placed into your phone.

Two Factor Authentication: When you receive a text message or e-mail with a code to verify who you are when you try to login to certain websites or apps.

—Back to the News—

Recently a study was done by researchers at Princeton University, who used Verizon Wireless, T-Mobile, AT&T, Tracfone US, and US Mobile to learn how easy it would be to get them to send someone else’s SIM card to a would-be criminal.

The attack works by tricking your cell phone carrier into sending the criminal a “replacement” SIM card that you never lost! Once a criminal gets your SIM card they can make and receive phone calls and texts with your number!

So here’s one way that it works:

The criminal first calls your cell phone carrier

Criminal: Yes, I need another SIM card.
Carrier: Okay I need your PIN number please.
Criminal: (Provides the wrong PIN number).
Carrier: That’s not correct.
Criminal: I’m so sorry I must’ve forgotten.
Carrier: No problem we can authenticate another way, can I please have….

Here’s where it gets tricky. Here’s a small list of what some providers ask for.

1. Full Name and Address: This information is easy to get. Someone can either find a nice house, walk up and grab a bill from the mailbox and now they have the full information. If they are in luck they can even grab your cell phone bill from the box as well. If they don’t know your carrier right away, they can just call all of them one at a time to see which one of them is correct.

2. Recent Numbers Dialed: Your carrier will ask the criminal for the last two numbers dialed or received in your phone log. People think this one is a bit trickier, because how would the criminal know the last two numbers in my phone? Well, it’s simple! They can call you and leave a message, and if you call them back, now they have the last two numbers!

How about this one as well: you are at a large social gathering at a bar, restaurant, or maybe the house of someone you know. Someone walks up to you and says “I lost my phone, can you do me a favor and call it?” All they need to do is have you do that twice and they have the last two numbers as well!

The most important thing to remember is your carrier doesn’t have a way of denying service to these criminals who continue to call. They might not have all the right information the first time they call up, but sometimes your provider actually gives up some of that information on the call! The criminal simply has to be persistent enough to continue calling and they can unfortunately sometimes find a way in!

How can you keep yourself safe? Here are Helpful Dave’s Tips!

DON’T: Use Two Factor TEXT based Authentication. Once a criminal has your SIM card they will be able to receive text messages intended for you!

INSTEAD: Use an App Based Mobile Authenticator like LastPass (http://www.lastpass.com), Google Authenticator, or Authy. An App Based Mobile Authenticator, as the name suggests, is actually an App installed on your phone. So even if a criminal gets your SIM card they still can’t get access to your Two Factor codes, because they are installed on your phone!

Our personal recommendation is LastPass as it offers many more tools, including secure password storage and an automatic password generator so you never have to think of a password again.

Here is a link to the study from Princeton: https://www.issms2fasecure.com/assets/sim_swaps-01-10-2020.pdf

I hope this article proved informative and helpful to everyone! If anyone has any questions, or has a news tip and wants me to do a dive into it, feel free to suggest it in the comments below! If you want to stay up to date on Helpful Tech News please stay tuned for more!

If you liked the article and want to support us please use our affiliate link for LastPass as we earn a commission if you sign up: https://lastpass.wo8g.net/mmnzX


New Windows 7 Exploit Revealed

Still running Windows 7 in your Home or Business? Microsoft recently announced another vulnerability that can be executed simply by visiting a website.

We can help provide solutions to make Windows 7 more secure, or upgrade you to Windows 10! Contact us for more information.

Microsoft Update:
https://portal.msrc.microsoft.com/…/secu…/advisory/ADV200001