A less than secure padlock, hold off on Fortnite and school board woes
Welcome to Cyber Security Today. It’s Wednesday June 20th. To hear the podcast, click on the arrow below:
Cyber security is on the minds of many people, so new security products are pouring on the market. But that doesn’t mean all of them are secure. The Register has a story on a recently-released padlock from a new company called Tapplock that uses a fingerprint reader for unlocking. Why not? No key to lose, no combination to remember. But initially, this lock was less than secure. It uses Bluetooth to link to a smart phone, and uses its address to calculate a key used to lock and unlock the device. A researcher found that could be hacked. The manufacturer has since issued a software update. But researchers also found the back of the lock could be twisted open. A new version of the lock has fixed that.
This is a reminder to consumers that not all security products have to be wireless and use biometrics. It’s also a warning to manufacturers to be tougher when testing new products.
Listeners know that I advise people to put as few apps as possible on their smart phones. That’s because it’s easy to publish a malicious app on the Web. Here’s another example: A new game called Fortnite is sweeping the world. Lots of Android phone users want it on their device. However, Fortnite is only made for Apple, xBox, PlayStation 4 and Windows PC devices. There isn’t an Android version yet. So stop searching for “how to install Fortnite on Android.” That will only lead to malware on your device. The manufacturer promises there will be an Android version shortly. Until then, relax.
Finally, here’s another example of how people are the worst weak points in security. According to Databreaches.net, the Chicago school board sent a letter to parents on how to review schools their child is eligible to enroll at. Included was a link to a file on the Blackboard learning portal used by the board. However, that file contained phone numbers and email addresses on 3,700 students and parents, including students’ name and ID numbers. No password needed to access the file. Someone had apparently uploaded the wrong file to the portal. Apparently, it wasn’t the first time.
It’s easy to make a mistake when you’re in a rush. But with all things Internet, it’s vital everyone take their time.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening. I’m Howard Solomon.