Are You Foolishly Thinking More About The Weather Forecast or Traffic Conditions Than Your Financial/Computer Security?
By Nick Ashton, Founder, CEO,
Tracometry Group of Companies.
There are hundreds of thousands of Hackers, Phishers and Man in the Middle Brutal Attackers after your information. Not just from your computers, smart mobiles and tablets, from your action in making purchases at stores, using ATM's and accessing the corporate databases for business.
Day after day, hour after hour they are searching for fools who leave the door wide open for them to steal from you and your company and inflict harm in ways that anger you after the fact.
CommSmart US has been at the forefront of bringing notice of the issues via all mediums and some think we are just hyping the situation to sell solutions.
Our stable of solutions are effective and necessary, especially our foundation security with KEYTALK. All that we do is base-lined with computer security of authentication and a secure connection. There are no if, buts or wherefores regarding the threats.
To recap the KEYTALK solution:
All information being transmitted via our KEYTALK secure connections.
KeyTalk, is a two factor authentication, using your device as the second factor, the device DNA, generating a well tried and tested patented and propriety break-through with a 2SSL peer to peer communication channel.
Over any untrusted (internet) connection, which means that you are totally secure at the hotel or public Wi-Fi Hot Spot. (Note the use within a Wi-Fi Hotspot!)
The user is automatically connected, as the device DNA is recognized and receives a short lived device certificate, using a corresponding key pair between 2048 through 4096 bit RSA encryption, which changes automatically on every connection.
KeyTalk’s device authentication has the advantage of PKI, but as a Private Key.
The short lived access keys are configurable, duration, from minutes thru hours, completely transparent to the end user and standard server configurations.
KeyTalk generates an intrusion proof, end to end, data in motion channel.
Invisible, anonymous and totally secure.
Now read on from the Daily Mail on the following issue:
How thieves can use your mobile to empty your bank account via dodgy public WiFi connections and 'bluesnarfing'
Every day, hundreds of thousands of us pop into coffee shops. While we sip our cappuccinos, we may connect our smartphones to the cafes’ Wi-Fi network, and catch up with friends via services such as Facebook.
As well as socialising, we may use the time and free access to a wireless connection to get on top of our finances. That £75 you owe the plumber can be paid instantly by accessing your bank’s website or app. Transferring money from your savings account to your current account is nothing more than a few taps on your screen.
But what coffee drinkers do not suspect is that lurking among their fellow latte lovers are bank robbers. Unlike the figures of popular imagination, these thieves will not be wearing stockings over their head or brandishing a sawn-off shotgun.
Instead, the thief could be that smartly dressed middle-aged man hunched over his laptop, seemingly catching up on his emails. Or maybe it’s the student in the corner, chatting to a friend on his phone while tapping at a tablet computer.
Unbeknown to you, this modern form of bank robber is silently harvesting all your private data. The only sign of his thievery is perhaps a little smile as your bank log-in details appear on his screen, ready for him to copy and paste before plundering your account within seconds of you finishing your coffee.
In short, you’ve just been mugged — but you’ll only realise when you later go to a cash machine to withdraw some money, and discover that every penny in your account has been cleared out.
During an anxious phone call to the bank, you’ll learn that an online thief has hacked into your account and stolen all your money.
Although the bank will usually restore your balance, they won’t be able to restore the feeling of security you had before the cyber robbery.
‘When I first found out that it had happened to me I felt utterly violated,’ says Pam Clover, 40, a marketing consultant and mother-of-three from Salisbury, Wiltshire.
‘After all, your bank details are some of the most private things you have, and somehow a complete stranger had gained access to mine. My first question was: “How had he done it?”’
Increasingly, the most likely answer to that question is through your smartphone. Although we like to think that our devices are secure, it is disturbingly easy for criminals to access them.
As the banks are not obliged to report to the police every time a breach of their security takes place, it is very hard to establish the size of the problem. However, according to internet security experts, it is a growing menace.
‘This is a real challenge for our industry,’ says James Lyne, the global head of security research for the Oxford-based firm Sophos, which provides data protection services to businesses. ‘There’s undoubtedly a lot of this type of crime going on, and it is going unreported.’
There are two main ways in which thieves can access your smartphone
One route is through your phone’s wireless ‘Bluetooth’ function, which, when switched on, allows it to ‘talk’ to other enabled devices nearby. This means that a hacker sitting near you can use his Bluetooth-enabled laptop to connect to your device without your knowledge. This process is sometimes called ‘bluejacking’ or, more properly, ‘bluesnarfing’ (from the slang word ‘snarf’ which means to eat, drink or devour).
However, this is relatively rare. The more common method is for crooks to use your smartphone’s Wi-Fi connection. They rely on the fact that most of us are blase about the security of the networks we connect to.
For example, when you are in a coffee shop, your smartphone will present you with a list of available Wi-Fi networks that you can use to connect your phone to the internet. The majority of these networks are run by legitimate companies, but sometimes they are actually created by a criminal sitting nearby with little more than a laptop.
These networks are often given innocent-sounding names, such as ‘Free Public Wi-Fi’, that gull smartphone users into logging in. On the surface, everything seems normal, and you will be able to connect just as you would with a legitimate Wi-Fi service.
However, because you have connected to a network controlled by a thief, he can monitor everything you do, enabling him to vacuum up passwords and login details for your bank account.
In fact, the process is so simple that the thieves can steal thousands of pounds in just a few hours while sitting in their local Starbucks.
In order to show just how easy it is — and quite how trusting people are — the security firm Sophos decided to set up its own Wi-Fi networks on the streets of London to prove how much data it could capture. The firm sent head of security research James Lyne to tour the capital on a bicycle equipped with its own Wi-Fi generator, under various names:
‘FreePublicWifi’, ‘Free Internet’, and even, somewhat cheekily, ‘DO NOT CONNECT’.
Within three hours, 2,907 people had connected to his network. One hundred and three of those used it to access a banking service. Had Mr Lyne been a criminal, he could have easily accessed their accounts and helped himself to their money. Even if he had skimmed just £100 from each account, he would have made over £10,000 — not bad for a morning’s work.
‘This willingness to connect to any wireless network that professes to offer free Wi-Fi, without ensuring you have some kind of security measures in place, is like shouting your personal or company information out of the nearest window and being surprised when someone abuses it,’ says Mr Lyne.
For victims such as Mrs Clover, the idea of using her smartphone — or even her computer — to access her bank account is now distinctly unappealing.
‘The whole experience has made me want to go nowhere near internet banking ever again,’ she says. ‘Yes, I know how practical it is, but I’m going to for ever worry that someone is spying on me.’
Thankfully, there are ways to beat the robbers. By far the best way is to set up your own Virtual Private Network (VPN) on your computer at home. Then, when you are using a public Wi-Fi hotspot, you can use your smartphone to connect to your home computer, and use its secure connection to the internet to access web pages safely.
However, this is clearly technically challenging and most of us would need help from an IT expert to do this. Nevertheless, Mr Lyne urges smartphone users to establish their own VPNs.
Another way to stay secure is to make sure that any supposedly secure webpages you look at feature a little padlock in the address bar, as well as the preface ‘https’ rather than ‘http’. This means that the page is secure, and not visible to others.
Third, make sure that you regularly install the suggested updates for your smartphone’s browser software. ‘This is a really boring thing to say,’ says Mr Lyne, ‘but I can’t stress it enough. These updates contain all the latest tools for combating hackers, who like nothing better than out-of-date browsers.’
Ultimately, the best defence is to use common sense, and to only access private information over the web when you are absolutely sure that the Wi-Fi network is legitimate. If you have your doubts, then put down your smartphone, and leave it for later.
Perhaps then, instead of flicking through your phone while you have your macchiato, you might talk to a friend or read that book you’ve been meaning to get around to.
We thank Guy Walters for his insight and perspective.
KEYTALK is our security foundation for the following:
The CommSmart US’s Total Recall Solution comprises of:
- Action In Motion software for the authorized Smart Mobile Phones/Tablets, software interface for security command data servers.
- Secure Comms BB which is the mobile hardware to provide 100% connectivity via mobile phone data providers and the solution.
- KEYTALK Secure Connection
- Certified Training for secure usage and evidence gathering.
CommSmart US’s Total Recall Solution is unique in its full security of all data, video, audio and images.
Do not ever forget this, as tomorrow never comes, it is always today…
WE are in the NOW and
KEEP YOU; in the KNOW…
Call: +1 (317) 426.0110
Key Talk – Man-In-The-Middle, Hacking & Phishing Solutions
Straight Talking… Key Talking…
Galveston, Texas, Indianapolis, Indiana, London, U.K., Netherlands, K.L. Malaysia