How To Protect Your Family Against Hackers, From a Professional Hacker
Shut it down.
Despite what Hollywood would have you believe, most hackers aren’t chugging Monster Energy drinks while laughing maniacally at binary code, and they’re not testing the security of every nanny cam and laptop in America. But internet-savvy pederasts, cyberbullies, and identity thieves do exist, so a certain amount of parental technophobia is warranted.
Chris Hadnagy is the Chief Human Hacker at Social-Engineer.org and a parent who wants to make sure you worry about the right things. So, for example, not your kid’s Hello Barbie. “If you have to hack Mattel’s servers, it’s pretty far fetched that your neighbor is going to spy on your daughter,” he says. Hadnagy equates worrying about being majorly hacked like worrying about ninjas popping up your lawn. Could it happen? Sure. Will it happen? Not unless you’re Chuck Norris.
Focus, instead, on the mundane everyday stuff that you might not realize you should focus on, says Hadnagy. “I am worried about items that I put on my network with known vulnerabilities.”
Geotagging Hack
What It Is: Geotagging is that bit of data on your smartphone that tags photos with the location where a pic was taken, and it’s putting your kids at risk. Hadnagy says that if you go on vacation to Disney World, it’s fine to leave tagging on, because you don’t live there (although you would if a decent 2 bedroom opened up in Adventureland). But say you post a picture on Facebook of your kid on the front steps of their school? Now a stranger has a pin on a map.
How To Protect Against It: Hadnagy doesn’t play up the likelihood of this happening, because someone has to scrape that info from a social media photo. But he does say this type of hacking has become less challenging and we’ll see more of it in the future. It’s easy enough change location settings on your phone’s camera, so do it.
Wi-Fi Network Hack
What It Is: Even the guy who named his network MakeAmericaGreatAgain has a decently long password to protect it (It’s 5ecretlyV0ting7orHillary). But he probably hasn’t done anything to his router, which anyone can go in and reset using the default password.
How To Protect Against It:
- First, make sure you’re using WPA2 (Wi-Fi Protection Access) encryption on your network. If you’re using the inferior WEP (Wireless Encryption Protocol), you might be living in 2002.
- Know there’s a difference between that network your laptop connects to, which is secure, and the router it’s coming from (where the remote access password is still “password.”) Open up your Netgear (or Linksys, or Motorola…) manual and fix that.
- While you’re at it, turn off remote access. If you need to change settings, use a cable.
Password Manager Hack
What It Is: Strong passwords are a good deterrent, just like a robber doesn’t want to bother with a house that has a pit bull. But passwords are also long, clumsy, and honestly ain’t nobody got time for that. Password managers like 1Password are great at organization, just make sure you don’t store that master file with all of the data in the cloud, where data breaches have happened, and they’re worse than bad news.
How To Protect Against It: “[That file] should be an encrypted package on your hard drive,” says Hadnagy. “I tell clients, nobody wants to remember 50 passwords. You can use a password manager, or just use a series of patterns on the keyboard.”
Bluetooth Hack
What It Is: What are some of the nasty things Hadnagy can do with an open Bluetooth connection? “I can turn your phone mic on and listen to you. People think you have to be within a range, but you can be within a mile,” he says. Of course, Hadnagy also says that this kind of attack is targeted. Hackers aren’t walking down the street hoping someone has an open connection. They’re sitting in Starbucks.
How To Protect Against It: “If the device [you’re pairing with] is giving you the standard 0000 code, it’s vulnerable,” he says. “But, if it gives you a unique code I’m ok with it.”
Baby Cam Hack
What It Is: The two main ways that hackers get into your unsecured baby cam is by either Google dorking (not as sexy as it sounds) or downloading user manuals (yes, the same manual you just used to secure your router).
- Dorking. This is just using regular Google searches to find open cams. For instance, if a D-Link camera always has a URL of Dlink + camera number, hackers can do some quick math and search for more open URLs.
- Manuals. Another simple, but overlooked way to get access. Every camera owner is going to forget their password at some point, which is why manufacturers put that reset info in the manual. Now those instructions are sitting on their site waiting to be exploited.
How To Protect Against It: When you decide to spy on your baby, make sure that you’re the only one. Hadnagy says there are 3 things to look for in a safe nanny cam:
- Get a baby cam with a lot of administration settings. If you change that username and password as soon you set up your device it won’t matter if those creeps have the user manual.
- Have the ability to shut it off the device without being physically there. As with all technology, pulling the plug is a foolproof way of stopping the machines from rising up.
- A URL that isn’t public. If you’re able to easily watch your kid on your computer, chances are other people in the world can as well.
FLICKR / EOCELLUS
Credit Hack
What It Is: Adults can worry about phishing or vishing, but there’s a another form of online identity theft that’s targeted at people without crushing student loan debt or a mortgage. “I have 2 kids and never even checked their credit report,” says Hadnagy. “But if someone makes a fake identity, we’re never going to know [she was hacked] until she’s 18 and getting her first credit card.”
If you have anyone’s name, date of birth, and social security number you can make fake IDs. Fake IDs are submitted to credit card companies who don’t verify those names. Your 6-month-old just happens to have a stellar credit rating and, ta-da, some hacker is yachting around the Caspian Sea on your dime.
How To Protect Against It: If you think you’ve been compromised, credit reporting companies like Equifax can put a freeze on your kids’ account for 90 days, which will stop any transactions. That’s a quick fix, though, and you’ll need to be prepared to spend some serious time communicating with the credit agencies to restore your toddler to solvency.