Be careful buying GPS trackers for keeping an eye on kids, a global company exposes customer email and a report on the extent of crimeware.
Welcome to Cyber Security Today. It’s Friday September 6th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
It’s a terrible thing to always have to worry where your children are and if they’re safe. But to meet this demand some electronics companies are selling GPS trackers kids carry — like a watch or a keychain fob — so you can keep an eye on them. Most send off a signal mom and dad can read off their cellphone or tablet through a mobile app. But these supposed helpers may come with security problems, says security vendor Avast. It studied 29 models made by a Chinese company and sold under different names and found problems.
First, the mobile app has to be downloaded from an unsecured website, exposing the users’ information. Second, design flaws in the trackers can also enable someone to fake the user’s location, or access the microphone for eavesdropping. Third, the default password is 123456, which can be hacked. As you all know, default passwords have to be changed. But Avast says as many as 600,000 buyers of these devices still use the default password. The takeaway: Don’t buy cheap or knock-off Internet-connected devices. And make sure if you have to download an app it comes from a reputable company whose website and online service are secure.
This week’s Ooopsy Award goes to DK-Lok, a South Korean manufacturer of industrial pipes, valves and fittings which sells products around the world. Why? Because security researchers at vpnMentor discovered an email database at the company hadn’t been properly protected from unauthorized Internet access. As a result researchers could read messages marked private and confidential between DK-Lok staff and customers in Canada, the U.S., Germany, France, Russia, Brazil and other countries. These messages included names, email addresses, product prices and quotes, project bids, travel arrangements and more. As the researchers note in a blog, this is bad for the company’s reputation. More so because the researchers’ warning emails to DK-Lok about the data breach seemed to be ignored.
Finally, with the regular reports of data breaches you may think police aren’t getting anywhere shutting down cybercrime. Well, now there’s some scientific evidence to back that up. A report this week from Chronicle, the cybersecurity unit of Google’s parent company, Alphabet, found that usually within six months of law enforcement action against crimeware gangs and their distribution infrastructure the amount of malware floating around the Internet goes back up. Despite the increasing number of arrests, law enforcement operations are frequently hobbled by outdated laws and complex barriers to co-operation with the private sector, says the report. The report adds that it’s likely recent arrests are merely “culling the herd” of criminals rather than impacting organized operations. The fact is crimeware — including stealing of data for resale and ransomware — is big business.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.