nigel99 138 #1 Posted May 12, 2020 https://www.bbc.com/future/article/20200511-how-smart-home-devices-are-being-used-for-domestic-abuse Fascinating article that is very close to my heart. I work with IoT and over the last 3 years have been immersed in the world of domestic violence and stalking due to circumstances at home. I’m fairly tech savvy but made the mistake of allowing the stalker into the house last year (it’s not a relationship we can simply end, due to children and custody). It took 4-5 months before I realised that the cctv system had the default password and as he had seen the unit the nice QR code that allows you to link to the device over internet. So 10 seconds with a smart phone and unfettered access to front and rear of my house. I only found it by luck, I logged in remotely and was locked out by another user accessing the system. Pretty confronting when we realised why he always seemed to know when we were home or not. Especially that the back garden is where we sit and talk and spend time as a couple. Quote Share this post Link to post Share on other sites
turtlespeed 212 #2 May 12, 2020 1 hour ago, nigel99 said: https://www.bbc.com/future/article/20200511-how-smart-home-devices-are-being-used-for-domestic-abuse Fascinating article that is very close to my heart. I work with IoT and over the last 3 years have been immersed in the world of domestic violence and stalking due to circumstances at home. I’m fairly tech savvy but made the mistake of allowing the stalker into the house last year (it’s not a relationship we can simply end, due to children and custody). It took 4-5 months before I realised that the cctv system had the default password and as he had seen the unit the nice QR code that allows you to link to the device over internet. So 10 seconds with a smart phone and unfettered access to front and rear of my house. I only found it by luck, I logged in remotely and was locked out by another user accessing the system. Pretty confronting when we realised why he always seemed to know when we were home or not. Especially that the back garden is where we sit and talk and spend time as a couple. Damn, Nigel. Is everything back up and secure now? Quote Share this post Link to post Share on other sites
nigel99 138 #3 May 12, 2020 1 hour ago, turtlespeed said: Damn, Nigel. Is everything back up and secure now? Yes. It’s taken a while as being partners ex he knew a lot of the stuff people get asked so it was like playing that prairie dog game where they keep popping up. But everything two factored and sorted out. 1 Quote Share this post Link to post Share on other sites
a10warthog 2 #4 May 12, 2020 Connected device security is close to my heart. There are a lot of guides online that take an extremely high level approach to how to secure your connected devices, practical things that most consumer can do: https://www.cisecurity.org/newsletter/10-tips-to-securely-configure-your-new-devices/ If you have a home with many connected devices, you should absolutely implement those measures as a safeguard. In terms of general information security for the average person, there are some table stakes actions you can take there as well: enable 2 factor auth for EVERYTHING you do, use a password manager, take a free online phishing awareness course, learn about sketchy domains, etc.. We live in a time where the gallantry of the internet that many of us are familiar with is an antiquated model that fails to address many of the risks that we encounter using the internet for even an hour at a time, and we now spend most of our lives using the internet in some way shape or form. Be paranoid, don't click things you don't trust, don't buy connected devices whose manufactures skimped on basic security. The issue of "stalkerware", another malicious niche of software specifically designed to enable stalking and domestic abuse, is one that is being tackled some of the brightest names in security, notably Eva Galperin, Cybersecurity director at the EFF. If personal privacy issues are something you care about, I urge you to support the EFF, it's one of the strongest and most transparent organizations on the planet that's trying to protect us from exactly that. Quote Share this post Link to post Share on other sites
turtlespeed 212 #5 May 12, 2020 3 hours ago, a10warthog said: If personal privacy issues are something you care about, I urge you to support the EFF, it's one of the strongest and most transparent organizations on the planet that's trying to protect us from exactly that. Cool - Thanks. Quote Share this post Link to post Share on other sites
Guest #6 May 16, 2020 On 5/12/2020 at 3:36 PM, a10warthog said: Connected device security is close to my heart. There are a lot of guides online that take an extremely high level approach to how to secure your connected devices, practical things that most consumer can do: https://www.cisecurity.org/newsletter/10-tips-to-securely-configure-your-new-devices/ If you have a home with many connected devices, you should absolutely implement those measures as a safeguard. In terms of general information security for the average person, there are some table stakes actions you can take there as well: enable 2 factor auth for EVERYTHING you do, use a password manager, take a free online phishing awareness course, learn about sketchy domains, etc.. We live in a time where the gallantry of the internet that many of us are familiar with is an antiquated model that fails to address many of the risks that we encounter using the internet for even an hour at a time, and we now spend most of our lives using the internet in some way shape or form. Be paranoid, don't click things you don't trust, don't buy connected devices whose manufactures skimped on basic security. The issue of "stalkerware", another malicious niche of software specifically designed to enable stalking and domestic abuse, is one that is being tackled some of the brightest names in security, notably Eva Galperin, Cybersecurity director at the EFF. If personal privacy issues are something you care about, I urge you to support the EFF, it's one of the strongest and most transparent organizations on the planet that's trying to protect us from exactly that. Speaking as a IT guy I only have one recommendation: if you know what's good for you, keep that IoT sh** out of your home. I adore the EFF but like everything else (especially law), tech is a high-speed moving target and protections lag; that is, despite regulations a lot of consumer communication stuff is delivered without any security baked in, or it's an afterthought. I won't comment any further, but it's hard to believe that people just gleefully bring shiny new gadgets into their homes without considering the risks. Quote Share this post Link to post Share on other sites