We recently chatted about online privacy and other security issues with Robert Vamosi, award-winning tech journalist for Forbes.com and author of When Gadgets Betray Us: The Dark Side of our Infatuation with New Technologies. Vamosi says he was inspired to write the book – which he calls “the first hardware hacking book written for a mass audience” – because gadgets now outnumber the PC on the Internet by five to one.
Vamosi researched what examples of hardware hacking actually existed, and his book includes stories about real people who have had their gadgets betray them.
Indeed, while the majority of us are adept at updating the operating system and application software on our computers, most of us forget the importance of updating the software on our mobile phone, tablet, or even our TV.
The latter half of the book does express hope. Anonymous and aggregated location data from our cellular phones, for example, is currently used for online traffic conditions; it is also used for better online mapping and directions.
Vamosi weighs both sides in his book, and he argues that if we can agree how data can be collected and used, we might stand to benefit more than we lose.
Before you open the box and set up your new smartphone or iPad, take a few minutes to read his thoughts about online security, wifi safety, mobile viruses, the impact of the massive data breaches at Sony and Epsilon, and much more.
You obviously know a lot about preventing cybercrime, but what’s one thing that even you didn’t know about online security until you wrote the book?
Vamosi: I used to think the bad guys always needed to understand the programming code to hack it. Turns out, with hardware hacking, you only need gibberish code; often random characters are enough to crash a gadget. When it’s a pacemaker, or any of the electronic controls within the typical car today, that gibberish code can have lethal consequences.
Salon.com called the book “a revealing look at the dark underbelly of our rapidly advancing electronics,” but why do you think the average American doesn’t understand that our fun/flashy new tech devices are leaving us susceptible to hackers and cybercriminals?
Vamosi: We need to step back and remember that we’re in control of our gadgets. Most gadgets have configuration settings. Often there are options within those settings that don’t need to be enabled, or ways that you can otherwise opt out of data collection.
Social networking and Facebook are obviously very popular, but how — and WHY — do cybercriminals pounce on average people to exploit and hack their accounts?
Vamosi: Birthdates are often required to establish your identity; by putting your birthdate on a social networking site, you make it easy for the criminal to masquerade as you. Cybercriminals pounce on social networking information because it’s low-hanging fruit—and often it’s aggregated and republished on Pipl.com or Spokeo for all to see.
We’ve both written about Firesheep over the past several months, but how prevalent is hacking in public WiFi environments such as cafes and airports?
Vamosi: In truth, I haven’t seen a research study with actual numbers. But Albert Gonzalez used open wifi to steal credit cards from TJX back in 2005-2007, so we know the danger of using public wifi for commerce is real. Rather than avoiding public wifi altogether, we need to adopt different behaviors. We need a Private Mode for when we’re at home on a wired or encrypted wifi connection. And we need a Public Mode for when we’re on open wifi. Do your banking at home when in private, and only check the weather, sports scores, and other non-personal information when in public.
Most people use encryption or antivirus software for their home computer or personal laptop, but when it comes to protecting themselves while using their smartphone or tablet, most people don’t see the risk. Why is that, and how can we change that perception that using an iPad at Starbucks is somehow safer or less deserving of security precautions?
Vamosi: There are mobile viruses; however, most are still written for the Symbian OS, which is popular outside the United States.
In terms of Apple and Google (and Microsoft) mobile OS, we’re just now seeing early versions of surveillance software for these. Until we monetize the mobile in the U.S., cybercriminals do not have much incentive to go after U.S. mobile users — although I think that will soon change.
Why do you think smart people are otherwise ignorant about those risks? This includes everyone – business travelers, doctors, engineers, teachers, and other educated people who hop on to free wireless but don’t worry about becoming a victim of identity theft or online fraud. What do you say to the person reading this article who thinks it won’t ever happen to them?
Vamosi: I wouldn’t say smart people are ignorant; it’s just that we don’t think like cybercriminals. Before the Melissa PC virus struck in 1999, most smart people didn’t think twice about opening email attachments. Same with the ILOVEYOU PC virus in 2000. As a result, Microsoft made changes to email, and antivirus products became a staple on the home PC, with home-based firewalls (previously limited to big corporations) following not far behind. It might be that we need a more modern example of a serious malware to educate people. However, my book argues that we shouldn’t wait for another dire example.
We just need to slow down with our gadgets and think as we’re opening the box and turning it on for the first time—how does it connect to other devices? And do I really need all those connections? Bluetooth? Wifi?
That’s what enterprise IT staffs do: they set policy by turning off vendor-enabled features that could pose a security threat. We need to start by setting personal security policy at home.
Vamosi: I wrote this book to talk specifically about gadget-related data. The recent PlayStation 3 hack, for example, included names, email, and even birthdate information of the PlayStation Network members, but this was collateral damage.
What the criminals really wanted was free access to the games. Whether they monetize the identity information remains to be seen. Remember, after the Heartland Payment Systems breach in 2009 there were almost 130 million identities dumped on the black market.
So, identities today don’t generate as much money as they once did. But access to Sony’s gaming network—that’s priceless to cybercriminals — for now.