Watch this video from the Office of Justice to learn the signs that a site and hotspot are encrypted so you can protect your personal information when using public Wi-Fi hotspots.
Attend a public workshop on June 28, 2017 to voice your concerns…
Connected Cars: Privacy, Security Issues Related to Connected, Automated Vehicles
The Federal Trade Commission and the National Highway Traffic Safety Administration (NHTSA) will hold a workshop on June 28, 2017 in Washington, D.C., to examine the consumer privacy and security issues posed by automated and connected motor vehicles.
The workshop will feature opening remarks by Acting FTC Chairman Maureen K. Ohlhausen and will bring together a variety of stakeholders, including industry representatives, consumer advocates, academics, and government regulators, to discuss various issues related to connected and automated vehicles that collect data. They include:
Modern motor vehicles increasingly are being equipped with technologies that enable them to access information via the Internet and gather, store and transmit data for entertainment, performance and safety purposes. Automated vehicles, vehicles with Vehicle-to-Vehicle Communications technology, and other connected vehicles (i.e. with some form of wireless connectivity) can provide important benefits to consumers and have the potential to revolutionize motor vehicle safety. At the same time, these automated and connected vehicles are expected to generate an enormous amount of data, some of which will be personal and sensitive, such as real time precise geolocation data and the contents of driver communications that result when drivers connect their mobile phones to a vehicle’s computer system. The workshop will explore the consumer privacy and security issues that automated and connected vehicles pose.
The FTC and NHTSA invite comments from the public on the topics this workshop will cover. For further information on the workshop and the public comment process, including a list of suggested questions open for comment, please see the workshop’s detailed public notice.
The workshop, which is free and open to the public, will be at the FTC’s Constitution Center, 400 7th St., SW, Washington, DC. It will be webcast live on the FTC’s website. Registration information, an agenda, directions to the FTC’s Constitution Center building, and a list of speakers will be available in the near future on the event webpage. Advance registration is not required but is strongly encouraged.
Imagine if everything on your computer was “kidnapped” — including all of your precious family photos and important personal documents. And the only way you could access any of it again was if you paid a lot of money — or bitcoins — to a hacker. Even if you pay, there’s no guarantee you’ll get your stuff back.
Sounds like something out of a movie, right? Unfortunately, it’s happening in real life. It’s called ransomware. You might’ve heard news stories about ransomware attacks on hospitals, universities, and other large organizations, too.
Hackers do it by encrypting files on your computer — and files you’ve saved to connected hard drives or any shared folders. Once the files are encrypted you won’t be able to open them without the encryption key — which you can get only if you pay the amount hackers demand. That could be hundreds or thousands of dollars.
It’s a serious problem. That’s why the FTC is holding a ransomware event on September 7 in Washington, DC. We’ll talk with security experts, law enforcers, and others about what steps people and businesses can take to protect their computers — and what to do if you’re a victim.
Check out the event details — it’s free and open to the public. Or tune in to the webcast — we’ll post the link here a few minutes before the event starts. In the meantime, check out this video on protecting your computer from malware:
How did they do it? Used an iphone to take a picture of the key and then upload the pic to a key generating website or key making kiosk. Voila! Key to the home!
When I broke into my neighbor’s home earlier this week, I didn’t use any cat burglar skills. I don’t know how to pick locks. I’m not even sure how to use a crowbar. It turns out all anyone needs to invade a friend’s apartment is an off switch for their conscience and an iPhone.
This was done politely: I even warned him the day before. My neighbor lives on the second floor of a Brooklyn walk-up, so when I came to his front door he tossed me a pair of keys rather than walk down the stairs to let me in. I opened the door, climbed the stairs, and handed his keys back to him. We chatted about our weekends. I drank a glass of water. Then I let him know that I would be back soon to gain unauthorized access to his home.
Less than an hour later, I owned a key to his front door.
What I didn’t tell my neighbor was that I spent about 30 seconds in the stairwell scanning his keys with software that would let me reproduce them with no specialized skills whatsoever. The iPhone app I used wasn’t intended for anything so nefarious: KeyMe was designed to let anyone photograph their keys and upload them to the company’s servers. From there, they can be 3-D printed and mail-ordered in a variety of novelty shapes, from a bottle opener to Kanye West’s head. Or they can be cut from blanks at one of KeyMe’s five kiosks in the New York City area.
>Parking valets suddenly require a ludicrous level of trust.
I copied my neighbor’s keys at a KeyMe kiosk about a mile from his house, inside a Rite Aid drugstore. After logging in on a fingerprint scanner and choosing my neighbor’s keys from all the keys I’d uploaded, I watched on the machine’s screen as a grandfatherly cartoon figure with a white mustache and spectacles cut them. Seconds later the keys dropped into a box at the front of the kiosk, still warm to the touch. The next morning I let myself into my neighbor’s apartment and interrupted him reading a book about the German battleship Bismarck.
Services like KeyMe, along with competitors like KeysDuplicated and the Belgian Keysave, promise to forever solve the problem of lockouts and lost keys using clever combinations of smartphone scans, automated key-cutting machines and 3D-printing. Like a “forgot my password” function for physical security, they let you upload your coded chunks of metal to the cloud, where you can access and duplicate them, or even email them to a friend staying at your place.
Such services also enable jerks like me to steal your keys any time they get a moment alone with them. Leave your ring of cut-brass secrets unattended on your desk at work, at a bar table while you buy another round, or in a hotel room, and any stranger—or friend—can upload your keys to their online collection. The trick is far easier than having them copied at a hardware store. KeyMe says it will even duplicate keys marked “do not duplicate,” including some high-security keys sold by Medeco, Mul-T-lock and Schlage. Parking valets suddenly require a ludicrous level of trust: KeyMe already allows some car keys to be scanned and mail-ordered; KeysDuplicated says that feature is on the way.
New York-based KeyMe reassures users on its website that “only you can scan your keys” and its “scanning process is designed to strictly prevent any use of flyby pictures.” It claims keys can only be scanned when removed from the keychain (Not so; I left my neighbor’s on his ring) and must be scanned on both sides against a white background from 4 inches away. None of that posed a problem making my stairwell creep-scans.
KeysDuplicated, based in San Francisco, doesn’t make any claims about requiring close-ups for its keyshots. But its CEO Ali Rahimi wrote in a statement to WIRED that “we’re not a convenient service for anyone who wants to copy keys
surreptitiously.” The company’s site argues thieves have always been able to measure keys with a key gauge or imprint them in clay to create duplicates. But I have no idea how to do either of those things, and I nonetheless found breaking into my neighbor’s house with a smartphone scan to be pretty idiot-proof.
When I spoke with KeyMe founder and CEO Greg Marsh, he offered another argument: Digitally reproducing keys is safer than other methods because it leaves a digital trail with KeyMe’s account information, credit card records, and its kiosk fingerprint scanners. “We have all this accountability and data that doesn’t exist when you make keys with traditional methods,” Marsh says. “If a key was found to be used maliciously, we have a clear path to find out who was responsible.”
USB Killer 2.0: A harmless-looking USB stick that destroys computers
Plugging in random USB sticks in your computer has never been more dangerous, as a researcher who goes by the name Dark Purple has demonstrated his new device: USB Killer 2.0.
When plugged into a computer, the deadly USB draws power from the device itself. With the help of a voltage converter the device’s capacitors are charged to 220V, and it releases a negative electric surge into the USB port.
This surge “fries” the USB port and, in the researcher’s demonstration, the motherboard – perhaps not always after the first surge, but the malicious USB device repeats the process until no more power can be drawn.
He noted that it’s unlikely that the hard disk and the information on it was damaged.
“In my experience and testing, most systems have the USB 5v supply isolated from other supplies so the hard drive, cpu, memory and other components will still work, but the mainboard and itself is not going to boot again without replacing the PCH, power regulation, and several supporting components,” Joe Fitzpatrick, consultant and researcher at SecuringHardware.com, commented on Ars Technica’s site.
“Some newer platforms have the CPU and PCH in a single chip, I expect that the whole chip would be fried in that case. My reading of USBKiller 2.0 is that the -220V is applied to the USB data pins. This results in just the USB controller, again likely just the PCH, getting fried. It is less likely to harm the other components in the system.”
The attack is not limited to computers, Dark Purple says. The device is able to incapacitate almost any equipment equipped with USB Host interface – phones, routers, modems, TVs, etc.
“The design for a USBkiller is pretty simple for anyone familiar with power regulation circuitry, there’s no doubt in my mind that it’s doable. But it’s probably a good thing no design details have been published,” concluded Fitzpatrick.
Dark Purple was also the creator of the first iteration of USB Killer, which pumped 110 volts into the target devices.