Cyberspace has become ever more entwined with physical reality, especially after the global pandemic forced a new population to work remotely. With every cutting-edge innovation that streamlines people’s lives comes new opportunities for bad actors to exploit the system. Knowing what cyber threats are out there can help you take precautions to protect your privacy.
The Threat Is Real and Growing
According to the United Nations, cybercrime skyrocketed during the global pandemic with a 600 percent increase in malicious emails. Without warning, much of the world was thrown into isolation and forced to communicate with electronic devices. As organizations and businesses scrambled to set up systems to support their staff working from home, criminals seized the opportunity to profit from the new vulnerabilities caused by the upheaval. Here's a look at some of the most common threats.
What is Spyware?
Spyware is a type of malware — short for malicious software — that collects information about an individual, often without the user’s knowledge or consent. Spyware can be easily obtained by bad actors, who can then infect your devices. They may use email as a weapon through phishing and Trojan Horse attacks. Phishing is when an email that appears to be from a known or trusted correspondent, but it is actually from an impostor fishing for your data, arrives in your inbox. It is one of the oldest and most effective cyber threats. Trojan Horse malware looks legitimate but is not what it appears to be. It can be an attachment in an email or a link on social media and is designed to give the fraudster access to your data or control of your device. Be careful with your downloads and cautious when clicking links. Spyware can also access your devices through unsecured public WiFi connections and public charging stations. If you’re a frequent traveler, the need to use a charging station at an airport or hotel can leave your smartphone vulnerable to hacking. Once a fraudster gains access to your device they have the potential to:
-Acquire sensitive data such as call logs, text messages, and passwords
-Monitor your location
-Eavesdrop on conversations
-Control the camera on your device
-Activate and track your phone (even when turned off)
The Los Angeles County District Attorney’s office warns that criminals use “juice-jacking” to hijack your data when you plug your device into a USB public charging station and recommends taking precautions like using an AC power outlet and investing in a portable charger.
ID and Credit/Debit Card Vulnerabilities
Radio Frequency Identification (RFID) is a wireless system that uses electromagnetic fields to read and track tags attached to objects. The reader has an antenna that emits radio waves, which then receive signals back from the tag. Your passport, contactless credit card, and debit card are a few examples of objects embedded with RFID chips. Stores like Amazon Go and H&M use RFID technology to control their inventory. According to the National Institute of Standards and Technology (NIST), privacy rights may be compromised if an RFID system uses personally identifiable information for a purpose other than originally intended. They warn that as people possess more tagged items and networked RFID readers become more prevalent, “organizations may have the ability to combine and correlate data across applications to infer personal identity and location and build personal profiles that increase the privacy risk.”
Vehicle Key Fob Cloning
Insurance claims for stolen vehicles have escalated by 20 percent, according to British insurer LV, with keyless car theft accounting for a large proportion of the cases. In the US, Nick Bilton investigated the security flaws of remote car key fobs in the New York Times, explaining why he started keeping his car keys in the freezer after he witnessed his Toyota Prius being stolen by two teenagers in front of his own house in Los Angeles. Car key fobs use radio waves to constantly broadcast a security code that remotely unlocks the car door latch when the key fob is in close proximity to your vehicle. Because key fobs continually broadcast, if you leave your key fob lying on a table or loose in your pocket thieves can capture the signal with a Relay Attack (RA) device about the size of a smartphone, amplify the signal, open your car door and drive off within moments.
Electronic Toll Collection (ETC) – FasTrack and EZPass
Electronic toll systems use an antenna that reads a transponder tag on the vehicle at toll plazas to debit the fee from a user’s prepaid account. Although efficient for keeping traffic flowing, high-speed readers have also been identified elsewhere — on public roadways and buildings — and enable vehicle speed and location monitoring, as well as triggering surveillance cameras.
Company-Provided Devices and Legal Monitoring
If you carry a company-provided device, your employer is legally allowed to monitor the location and communication on that device. Many corporations do so with device management software (DMS). During the pandemic, as working at home became a necessity, the use of employee surveillance software to secretly scan screenshots, keystrokes and logins escalated. Employers monitor their workers’ productivity through webcams and by reading emails. Be aware that any device provided by your employer is likely to be running corporate spyware.
Most of us “Agree” to allow apps to access our devices, monitor our behavior and location, and use that data to target us with advertising, offers, and tailored information. Adware generates income for its developer when you respond to a stimulus by clicking an ad or answer a call to action. However, after being granted access to your device, what else can they monitor or discover about you?
Google Analytics is the most extensive website statistic service. Many advertisers use it to track consumer behavior. It can capture your location, the duration of your visit, IP address, browser, Internet provider, landing page, language, and much more. Social media apps like Facebook, Instagram, and Twitter also provide advertisers with an abundance of personal information, enabling a specific audience to be targeted down to their gender, age, hobbies, and particular interests.
Ninety percent of smartphones have location data enabled, which allows you to be targeted by geofencing, further blurring the difference between the real and virtual worlds. A geofence is a virtual boundary in a physical, real-life geographical location. Geofencing has many benevolent uses, such as alerting parents if a child leaves a designated area, or restricting the use of firearms to specific locations. However, geofencing technology is increasingly being used to target unknowing visitors at an event if they have location data enabled. Third parties are able to track your whereabouts and your attendance at social events, political rallies, sports arenas, and concerts. If you visit a park, shopping mall, neighborhood, or foreign city as a tourist, geofencing can target you with related ads. How much privacy are you willing to give up?
EDEC digital security products include Faraday bags to protect your electronic devices from hacking and surveillance, webcam covers to protect your privacy, and USB Data Blockers that allow you to safely charge your phone.