New iPhone/Mac Vulnerabilities That Can Impact Your Business

Standard

 

Recently Apple was hit with two big issues in the same month. These gave rise to concerns that Apple products might not be as secure as most think. The first of the two came in the form of a text message that can be sent to Apple iPhones.

The text, which is entirely in Arabic, can be sent to anyone with an iPhone, and it will immediately shut down the phone. While this is more of an annoying bug than a security concern (although it definitely can be viewed as a security concern, depending on the owner of the phone and his/her need for uptime), it doesn’t seem to be harmful to the devices. Users in the  Reddit.com forums found the bug, and it appears they did so by accident.

Credit: parts of this image are reproduced with permission from: https://commons.wikimedia.org/wiki/File:Unibody_Macbook.JPG.

Credit: parts of this image are reproduced with permission from: https://commons.wikimedia.org/wiki/File:Unibody_Macbook.JPG.

If your phone receives the dreaded text message, you will need to turn on your phone and delete that message. One workaround to the text issue is to go into the settings,and turn off text message previews that appear on the home screen. Apple is aware of the bug and will resolve the issue in its latest update, which should be coming very soon.

The second security concern, and one that is very critical to businesses is the latest exploit which allows someone to put a permanent backdoor onto your Mac by rewriting the firmware for the BIOS to allow remote connection to the device. This affects all Macs older than mid-2014.

The reason this security concern is so troubling is, unlike other types of exploits, where if you were to be hacked you could wipe your hard drive and start clean with the appropriate updates, this targets the BIOS, meaning no matter how often you wipe your hard drive, hackers can exploit the vulnerability over and over again.

The vulnerability can be enacted as soon as a machine is woken from Sleep Mode. The security researcher who found the exploit, Pedro Vilaca, stated you can stop your machine from going into Sleep Mode to bypass the exploit. However, Apple is aware of the exploit and should patch it soon. Vilaca also stated that this is very similar to last year’s “Thunderstrike Proof-of-Concept” exploit.

While nothing will protect against this current exploit (i.e. antivirus, anti-malware), it does show that as Macs become more popular, holes are being found in the OS and, in this case, in the hardware itself. Business owners must be aware of both where their employees go on the Internet and how to protect their assets from hacking attempts.

Everon offers antivirus for Macs, as well as PCs, with a product called Webroot Secure Anywhere. We can assist in setting up hardware proxies that will prevent unauthorized access to the Internet. If you have any questions about what we can do for your Apple environment, feel free to call our techs at 1-888-244-1748 (or email at info@everonit.com). We’re here for you. Twenty-four/seven, 365.

——-

You may also like:

 

Physical Ways to Protect Your Network From Being Hacked

Standard

 

There are all kinds of security threats to a company’s network, and while no security is foolproof, there are things you can do to help maintain your network’s integrity.

To protect individual computers, you should disable a computer’s ability to automatically install new USB drives. This prevents malicious software from instantly loading when a device is plugged in. However, this will only affect the new devices from being installed. Your keyboards and mice will still work.

maninthemiddleattackOne of the best ways to prevent physical devices on the network from being hacked is to prevent access to them. Securing routers and modems in areas that are open to the public will prevent someone from tampering with them. Additionally, enforcing controlled access to network rooms helps prevent man-in-the middle attacks. Controlled access should apply to the server room, as well, to prevent someone from plugging in a USB with malicious programs, or uploading a virus directly to the server.

MantrapHowever, having a secured entry to locations has its weakness, too — mostly unintentional, human error. The most common mistake is kindness to other people. This sounds bad, I know, but it can be dangerous to hold a door for someone. Or to let in someone in who forgot his/her key card. The bad guys will try to play on the kindness of others. There is also tailgating — when someone with access to an area opens the door, and then another person catches the door before it closes. This is one way criminals gain access to secured areas without the necessary credentials. The best protection against tailgating is a mantrap (no, we are not talking about Indiana Jones-type traps). A mantrap is created when you have to go through two doors to access the secure room, preferably with a hallway between the two doors. This method traps the tailgater in-between the two doors and helps prevent access to the secure area. 

These are easy ways you can help prevent physical devices from being tampered with. And your network from being hacked. If you have any questions, or would like to discuss further security options for your company, please give us a call at 888-244-1748. Or email us at info@everonit.com. We’re here for you 24/7, 365.

 

 

Can Your TV Steal Your Information?

Standard

Hacker

This morning Samsung revealed to customers that there is a possibility that its Smart TVs are listening to your conversations and sending your data off to a third party company. It’s warning users not to talk about sensitive and personal details in front of their TVs.

This warning sounds like something out of a sci-fy movie, but, unfortunately, it’s here.

Samsung states they want to be as transparent as possible, so in an effort to do so, they mentioned that if users utilized the voice recognition software on their Smart TVs, what they say can be picked up by a third party. The assumption is that the third party picking up the data is the voice-to-text translation software. To further clarify Samsung’s comments in their privacy policy, they reiterate that they are not selling any data or storing any data themselves.

This is not the first time we have heard about your devices listening and watching, and unfortunately will not be the last. Since technology has gotten better, many items that have voice recognition and listening capabilities are subject to being hijacked, in order for hackers to get your data.

In 2013, LG was found to be storing important information from their Smart TVs. They have since created a software update that has stopped this functionality, but not before it was discovered by an end user. (That information can be found here.)

For a long time, too, the XBox Kinect, with its listening and viewing powers, has been at the forefront of concerns about its security. Microsoft’s take on this is that you can turn the Kinect off, so it is not always viewing and listening. However, it is reasonable to assume that even with the device off, if the XBox, itself, is connected to the Internet, a hacker will find a way through eventually. If it hasn’t already happened, that is.

Just a few months ago, it was revealed that a Russian website had hacked thousands of baby monitors and displayed their feeds online for anyone to see. Once this site was outed and taken down, the bold hacker posted his resume online, in an attempt to get a proper job based on his elite hacking skills.

Instances like these should not be taken lightly. It goes to show just how important basic security for your home network has become. (In Samsung’s case, they state that users can opt to turn off the voice-activation feature, on the “Settings” within their Smart TVs.) In this age of always wanting to be connected to the Internet, end users are constantly getting hacked and exploited.

This informational sitegives a great view of the hacking breaches throughout the world (that are known). The data is pretty damning. Hacking is becoming a common occurrence, and it is believed that foreign governments could be driving this onslaught. In the case of Anthem, it has been speculated that China is involved, and in the case of the Sony Pictures hack, it is widely believed that North Korea was the culprit.

We have discussed on our blog many times on how to protect yourself (start by checking here, here, here, and here). In 2015 it seems as if the need to protect yourself has never been more apparent.

Stay tuned tomorrow, when we’ll publish a basic primer on home network security. And remember, if you have questions or need help getting set up, you can always contact us at Everon (888-244-1748, or info@everonit.com). We’re here for you, 24/7, 365.

 

Tech Tips for Techs: The Cipher Command

Standard

 

For many technicians, reusing a computer is part of the job. We have taken many computers, formatted the hard drives, re-installed OSes, and re-purposed the machines for other uses.

Did you know that when you reformat a hard drive through the standard Windows methods (i.e. deleting the partition during your Windows 7/Windows 8 install), you actually leave behind traces of your old OS? Reformatting a drive does not get rid of all of the data. In order to do that, you want to overwrite any existing data present with 0s (technical term referring to binary code).

How is this possible? Windows actually has a pretty cool built-in tool for handling this, called cipher.exe.

cipher

Cipher was built to encrypt and decrypt files and folders, but it can be used to overwrite data as well. Simply put, in order to securely overwrite your partition with 0s, open a CMD prompt and type: cipher /w:{drive letter}:

You can actually overwrite individual folders as well, just by adding the folder name onto the cipher CMD, like this: cipher /w:{drive letter}:\{folder name}

You can also encrypt files by using the CMD: cipher /e (files and folders that are later added to this option will also be encrypted)

And, of course, you can decrypt files by using the CMD: cipher /d (same as above, any files and folders added later are decrypted by default)

For a complete list of commands, type cipher /?

As with anything, really, this tool will make it a lot harder to recover any data that might have been on the hard drive. However, it is never a guarantee. Virtually anything can be recovered on a hard drive. Forensic companies use write-blocking devices approved by the Department of Defense, but that equipment is very expensive, and usually only in the hands of the good guys. Cipher.exe will protect you against most low-level bad guys looking to recover potentially harmful data off of your hard drive.

Security on a Mac: Setting Passwords & Locking your Screen

Standard

 

I use a Mac and a PC at my job, and one thing we fall victim to, if we do not lock our computer when we walk away, is we end up coming back to a desktop wallpaper of David Hasselhoff.

Knight Rider

You could wind up with this on your screen. Or worse.

So we are always told to lock our PCs. Fortunately, this is easy to do. You simply press the Windows key + L and it locks your machine (The Windows key is the key between ctrl and alt, that has the Windows flag on it).

But I also needed to find a way to lock my Mac — which isn’t as easy as the nice, two-key combo Microsoft has laid out for us.

You can lock a Mac through key combinations. In newer Macs, you can click control + shift + the power button, and you will see your screen go black, and if you tap any key on the keyboard, it will wake up the screen, and you can see that your Mac is locked.

However, in my case, I can’t even reach my power button, so this just won’t work. What I do (and I consider this the best and easiest way to lock a Mac) is to lock by using Keychain Access.

Keychain Access is the equivalent of Windows Credential Manager, in that it saves passwords that you frequently use on the Mac. In order to use Keychain Access for locking your Mac, you will, of course, need to set a password on your Mac (otherwise what’s the point in locking, if users can hit ‘return’ and go right into your Mac).

To set a password on a Mac, click on the Apple logo in the upper left-hand corner of the Mac, and go to System Preferences. From there you will see a location called Users & Groups.

Preferences

Inside Users & Groups, you will see your account listed. You might have to click on the lock, down in the lower left-hand corner, to make changes (if you do, it will require a password, and if you have none set, you can simply click OK). Once you have the ability to edit your account, click on it. You will see the location, next to your photo, that states Reset Password. This is where you will enter your password.

You can then click the lock to prevent further changes and move on to Keychain Access.

When you launch Keychain Access, you won’t need to do anything in the window that pops up, only in the Preferences for Keychain Access. To access Preferences, click on the words “Keychain Access” in the upper left-hand corner, and go to Preferences…

In Preferences, under the General tab, put a check mark where it states: Show keychain status in menu bar

Keychain

This adds an unlocked lock in the menu bar in the upper right hand corner of your Mac. If you now click on that icon, you have an option to ‘Lock Screen’.

Lock

It’s as simple as that!