Are you running any smart home devices?

[Mike Cutler]

The only advertised "smart device" I have is an LG Screen. I turned off all of the smart features I could, and it is just controlled via the Bose unit. I never connected the Bose WiFi capabilities. It runs off the IR remote it came with.

I'm not a fan of the "Smart Home" concept.

As an aside, I have a coworker with a very computer "adept" son. His son used to hack the home networks along the school bus route with his iPad just for fun. He wasn't doing anything malicious, he just did it for fun and as a challenge to see if he could. He also hacked some of the business networks along the route. He was an elementary/Jr. high school student at the time.
He was successful enough that the "authorities" were at his door one day.

[Jim Becker]

Depending on how yours is wired, the additional C wire may be easy. I think that on all 4 that I did, the wire was already in the wall, just cut back a bit. On the furnace end, the C wire doesn't actually go to power, it actually needs to go to ground on a 24V system. Since there were already some wires grounded, all I had to do was add the C (blue) wire into a bundle that had a wire nut on it already.

The wire in my shop is surface mounted...not in the wall. On the same page as the thermostat in Amazon, there's an entry for the C-wire adapter. For an additional charge, of course.

[Art Mann]

My whole work life has been spent in high technology and, naturally, I am incorporating several WiFi based home automation features into my new house. However, I will never own a device that uses voice recognition and an internet connection. This includes items such as the Amazon Echo or Google Home. That just opens up too much of an opportunity for Google, Amazon, or the government for that matter, to eavesdrop on my private conversations. As far as WiFi security goes, it is almost impossible for the average criminal to compromise a home WiFi network if the recommended security measures are followed. I am more afraid of someone using a sledge hammer to break in to my house than a burglar using highly sophisticated techniques to compromise my smart front door lock.

[Alan Caro]

Dennis Peacock,

A little learning is a dangerous thing, and I've made the mistake of skimming a lot of technology journals regarding AI and smart devices. The problem with my survey technique is that so often the feature that jumps out of the articles and papers are the ways by which every new technology is used against the users for commercial or criminal purpose. Notice how many more robo calls are coming over the phone despite do not call, nomorobo, and blockers? Last week, I noticed my main computer system was running strangely. When I opened the CPU activity monitor, I saw that all 16 threads were running simultaneously at nearly 100% and the GPU was at 62C- as hot as it gets. Those are conditions of maximum computer usage similar to running a very large, complex rendering. when I started a diagnostic program, all the parameters returned to idle. A little research revealed that this was a signal that my computer had been hijacked to min cryptocurrency. The crytocurrency frenzy has meant that hackers are finding idling devices and using them to mine cryptocurrency and this includes smartphones- anything with a processor. Remember the articles about surveillance hacking of Samsung smart TV's ? :

https://www.forbes.com/sites/thomasb.../#69bde17f4bcd

Keep in mind that anything that happens over the Internet might be seen, recorded, manipulated, and/or stolen. There was a robbery of nearly $500,000,000 of Bitcoins a week or so ago- untraceable ATM machines were hacked to spew 20's all over the ground. If ATMS' can be hacked, so can your computers, smart phone, refrigerator, and soon, your self-driving car. If the system running your CNC is Internet connected, it may be possible for someone to download the files for your business or duplicate proprietary designs.

In response, I have a Samsung Galaxy 4 probably permanently in the drawer and instead I'm using a $30, old-fashioned flip phone that is only on when I'm in the car and has the GPS turned off. I have a 1080p internet camera/ mic for Skype, but when not used it is unplugged as these can be turned on- sound and picture transmitted without the on light showing. I do have a Samsung Smart TV, but it is a recent one that cured the hacking potential, plus there is no cable connection and it is not directly connected to the internet, it runs through a computer. I use a VPN- a virtual private network, and run anti-virus and anti-malware programs at least twice a week. Instead of Google I use DuckDuckGo, a web search engine that does not keep any records.

I'm not a paranoid, conspiracy theorist; it's not necessary as the conspiracies and events are reality. A friend of mine in Switzerland spent $2,500 in one year on computer virus repair. It's not feasible to live without devices without processors and Internet connections but until the security situation improves significantly, my idea is to stay as invisible to hackers as possible. If I need to know whether I need milk, I'll open the refrigerator door and the dishwasher can be switched on at lights out by pressing "Start".

Alan

PS: If you disagree, please send me your PIN number and I'll check the security free of charge.

[Edwin Santos]

Dennis Peacock,

A little learning is a dangerous thing, and I've made the mistake of skimming a lot of technology journals regarding AI and smart devices. The problem with my survey technique is that so often the feature that jumps out of the articles and papers are the ways by which every new technology is used against the users for commercial or criminal purpose. Notice how many more robo calls are coming over the phone despite do not call, nomorobo, and blockers? Last week, I noticed my main computer system was running strangely. When I opened the CPU activity monitor, I saw that all 16 threads were running simultaneously at nearly 100% and the GPU was at 62C- as hot as it gets. Those are conditions of maximum computer usage similar to running a very large, complex rendering. when I started a diagnostic program, all the parameters returned to idle. A little research revealed that this was a signal that my computer had been hijacked to min cryptocurrency. The crytocurrency frenzy has meant that hackers are finding idling devices and using them to mine cryptocurrency and this includes smartphones- anything with a processor. Remember the articles about surveillance hacking of Samsung smart TV's ? :

https://www.forbes.com/sites/thomasb.../#69bde17f4bcd

Keep in mind that anything that happens over the Internet might be seen, recorded, manipulated, and/or stolen. There was a robbery of nearly $500,000,000 of Bitcoins a week or so ago- untraceable ATM machines were hacked to spew 20's all over the ground. If ATMS' can be hacked, so can your computers, smart phone, refrigerator, and soon, your self-driving car. If the system running your CNC is Internet connected, it may be possible for someone to download the files for your business or duplicate proprietary designs.

In response, I have a Samsung Galaxy 4 probably permanently in the drawer and instead I'm using a $30, old-fashioned flip phone that is only on when I'm in the car and has the GPS turned off. I have a 1080p internet camera/ mic for Skype, but when not used it is unplugged as these can be turned on- sound and picture transmitted without the on light showing. I do have a Samsung Smart TV, but it is a recent one that cured the hacking potential, plus there is no cable connection and it is not directly connected to the internet, it runs through a computer. I use a VPN- a virtual private network, and run anti-virus and anti-malware programs at least twice a week. Instead of Google I use DuckDuckGo, a web search engine that does not keep any records.

I'm not a paranoid, conspiracy theorist; it's not necessary as the conspiracies and events are reality. A friend of mine in Switzerland spent $2,500 in one year on computer virus repair. It's not feasible to live without devices without processors and Internet connections but until the security situation improves significantly, my idea is to stay as invisible to hackers as possible. If I need to know whether I need milk, I'll open the refrigerator door and the dishwasher can be switched on at lights out by pressing "Start".

Alan

PS: If you disagree, please send me your PIN number and I'll check the security free of charge.

Alan,
I don't disagree, so no offense if I don't offer up my PIN number. Seriously though, your post is unsettling. So here's my question- I realize that any internet connected device can be hacked. However, I'd love some advice from those knowledgeable about whether there are software or even hardware solutions that would make it far less likely. I don't see this as a binary type of thing where either you are totally exposed, or you are disconnected living in a cave beyond hacking. After all as you point out, it's not feasible to live without devices and internet connectivity for most of us.

So just like the average street where one house has good lighting, deadbolts, a dog in the yard, other deterrents, and another house does not, the thieves will always go for the easier target. So what basic solutions could an average person implement that would take them out of the low hanging fruit category?

At my old company we used a hardware appliance called Sonicwall that supposedly made us safer, maybe not hackproof, but more hack resistant that the guy next door that had nothing other than basic Windows network security features. Are there any fans of something similar aimed at the home user?

Thanks,
Edwin

[Jim Becker]

Edwin, nothing is foolproof when it comes to security, whether it's a home-based environment, a large corporation or a government. While it's certainly easy to dismiss new technology based on that risk, it's also an opportunity to do the best we can to make it work as securely as possible. So if we individually follow the best practices to secure at the edge (the gateway between our service provider and our home/business networks and follow other security best practices, such as complex passwords, staying current with OS and application revisions, etc., we at least minimize the security risk as best as we can do so. So many of the security breaches we read about are because someone didn't take the care required to follow best practices...a smaller percentage is because of actual security flaws. Passwords are likely the biggest failure point because folks are afraid of not being able to remember a complex password. One good way around that is to take an easy to remember phrase and turn that into a password using the first letter of each word (or some other regular letter in each word) with varied capitalization and substitution of non-letter characters and numbers where that can happen.

To your specific question, many of the features that were in the Sonicwall firewall appliance you describe are available and sometimes default in good quality gateways (routers) used for Internet access. And yes, there are dedicated appliances available for home or small business use, but many folks are not willing to invest in that extra expense and the sometimes interfere with how a service provider provides content. By example, for Verizon's FiOS that I have, TV subscribers that want to use certain mobile device access capabilities are required to have the VZ provided gateway as the primary interface between the service and the home network. That precludes using any third party gateway device including a security appliance at the point it actually needs to be used to provide the benefits it brings. IE...it's complicated.

[Alan Caro]

Edwin Santos,

Jim Becker makes some very good points.

As careful as I might be in trying to avoid robo calls, viruses, malware, phishing, spam, promotional emails, ransomware, the pressure of intrusion is constant.

But, I'm small fry as compared to the scale of these attacks on institutions and businesses. I worked on a little project for a local research facility and their array of paralleled processing systems is impressive:

P1040741.jpg

But, occupying about the same space and with about the same number of devices, is the facility's firewall. This monitors/protects the several very high capacity connections, running a special software and linked to the maker's facility. This is very expensive. The administrator told me their ordinary day includes well over 1,000 attempts to get into their system.

Of course, the average computer user doesn't need that scale of protection, but unfortunately, the need for vigilance needs to be constant. This is because every move to counter attacks needs a new counter measure and then the hackers study a way around that. There are also constantly new devices and those are quickly attacked. One of the worrying frontiers in that respect are self-driving cars. Have a look at this from 2015:

https://www.wired.com/2015/07/hacker...l-jeep-highway

And that is three years ago and running only very standard connectivity. Of course, with many modern cars, it's possible to know where you are whenever it's running. Cell phones too. When self-driving cars arrive in four years or so, think of the potential disasters.

Here are some ideas for internet security and privacy

1. VPN: I use the Internet quite a bit, and I've found that the greatest protection is the use of a Virtual Private Network- VPN. These, in effect, create a special link to a remote server such that you computer's IP - it's location, appears to be the location of that server. the communications between your computer and the remote server is characterized as running in a "tunnel protocol", and very often has the option to be encrypted. You can sign on to a server anywhere in the world and any outsider can only see that you are connected to that server. If you checked, my computer could appear to be in New Jersey or France. Two good VPNs are NordVPN and Private Internet Access (PIA).

2. Tor Browser: Using Tor Browser is very strong. It's a version of Mozilla Firefox that has no tracking, is encrypted, and does not record your internet activity in any way. The search engine is DuckDuckGo, which also doesn't track and does not tailor the search results to the user: that is, put the paid ones first. If you use an ordinary browser, adjust the settings for tracking protection and that the browser removes all history every time it closes. Day to day, I use Firefox with DuckDuckGo the default search engine. I assume that anything Google- Chrome, Gmail, and Google search will record every keystroke and store it forever.

3. Virus scanning: there are a lot of these and even some free versions can be quite good, but I use a high level paid service.

4. Protection of the system OS and files: I keep a hard drive in a USB enclosure that is run only to backup files. this isolates it from a computer virus /malware. One partition contains all my files , frequently updated. Another partition has an exact copy of the C: drive. If my hard drive failed, or had a virus, I can format the new C: partition, migrate the system image, restore the files in less than two hours.

5. Malware protection: Malware seems to be more common now than viruses as malware has a commercial dimension: gather personal information, redirect the browser, see files, and so on. Ransomware is a recent one in which the hacker encrypts all your files and then wants money for the encryption key. We had a situation in California in which this happened to a hospital - an act of terrorism in my view- and I think it cost them $100,000 plus to recover. Malwarebytes https://www.malwarebytes.com has a free version, which is quite strong but if your system is used commercially, have the paid, premium version which monitors in real time- not only when scanned. I run this twice a week.

6. Adblockers: I have not watched network television for more than 20 years and today have a physical reaction to TV advertising. The internet is packed with ads of course, but I use the free Adblock Plus with Firefox and I never see ads. I'm looking into AdGuard, a [aid application, which combines more robust protection against advertising, malware, and tracking.

7. Robo calls: I am on the Do Not Call Registry, run NoMoRobo, have 50 blocked numbers, and therefore "only" have 3-5 unwanted calls per day.

8. Smart TV's: The more I look into smart TV's, the more I'm convinced the TV is watching me as much or more than I watch it.

These may seem like extreme measures, but I still have intrusions and of course, I don't know what I don't know. Privacy is impossible in the face of the combined efforts of modern commercial, governmental, and criminal interests.


Alan

[George Bokros]

I have three televisions in my home. All three WERE on my home WiFi network. The newest one in our master bedroom turned on by itself at 4:00 a.m. one day, how did that happen??? I removed that one from my WiFi. Since I removed it from my WiFi network it has never turned on by itself again. No other device in my home including a computer that is on all the time and the other two televisions have ever had an issue with intrusion. Puzzling to me!!

How did this television turn itself on and never happen again after removing it from my WiFi?

[Jim Becker]

George, smart TVs tend to do software updates on a regular basis just like the computer you're using to access this forum. They "shouldn't turn on" visibly for this process, but sometimes it happens. Since it now has no network connection, it's not going to behave the same. That's both good and bad, but good outweighs bad since without a connection, it's "totally secure" from any outside influence.

[Alan Caro]

George Bokros,

Just to eliminate the easiest explanation: is there any chance that the remote control ended up on the bed somewhere? I heard about a fellow in California whose cat a couple of times walked on the remote at 3-4AM, I think to try and watch documentaries about mice,fish, and interesting projects using string.

Otherwise, is your TV by chance a Samsung?

https://mashable.com/2013/08/02/sams.../#3MdquZXWGkqQ

Alan

[Charlie Velasquez]

we are in the process of transitioning to a house that is six years old. My son loves smart devices and is retro-fitting much of the house with smart devices.
ecobee stats, smart lights, sound system, not sure what else. Haven't made the final move yet, so I don't know how it will work out.
But, his house is pretty smart.

He has his ecobee programmed, but if there are changes to his schedule he can access his hvac with his android phone. It coordinates his whole house humidifier and such. It tells him when the filters are starting to run less efficiently.

From his office he has opened his garage door for a furniture delivery, then closed it again when the delivery guys left. Prior to the delivery he moved one of his security cameras to the garage and watched the delivery being made.

In his theater room he tells the projector to turn on and then tells the lights what percent to dim. He adjusts the volume of video or music by voice and can tell it which rooms to send the sound to.

He has a couple of dogs that shed... a lot. He runs his Roombas a couple of hours before getting home.

Once he sits down after dinner, he really doesn't have to get up much....

I have not talked with him about the dangers, but I assume he is well aware of them; he works in the internet/network security business, installing and maintaining secure networks for a bank.

[Paul F Franklin]

IMO, there are a few fairly simple and inexpensive steps one can take to improve their odds against the bad guys.

1. Pay money for a decent VPN vendor and use the VPN. (The free services, for the most part, are not worth using.) It does slow down browsing a bit but if you pick a good vendor, it's rarely noticeable. When you first set it up, you will get some security flags when you log in to, say your bank, because they don't recognize your computer since it's hidden behind the VPN, but this is a one time thing. Ideally, you can configure your router (if you have one) to connect via the VPN and that way every device connected to your network will automatically be behind the VPN.

2. Whatever account you log into your computer regularly should not have administrator rights, but should just be a regular user account. You won't be able to install software or make some system changes without supplying your administrator password, but it makes it harder for the bad guys to install malware on your machine or access it in other ways.

3. Use a password manager to make it easy to use good passwords and easy to change them often. Even better, if you have a fingerprint scanner on your laptop or add one to your desktop, you can tie the password manager to the fingerprint scanner and log in to any of your accounts with a swipe of your finger.

4. Of course, use good antivirus software and good anti-malware software.

5. Set your wireless router, if you have one, to not broadcast your SSID. That means you will have to know the name of your network to login to it, but it makes it harder for casual bad guys to see your wireless.

6. Turn on two factor authentication for every online account that supports it, like banks and credit cards, paypal, etc. When you attempt to log in, they will text you a security code that you enter as a second password. Adds a strong extra layer of security.

7. Set up alerts on all your credit cards that will text you if there are a) foreign transactions or b)transaction exceeding $xx.

[George Bokros]

George Bokros,

Just to eliminate the easiest explanation: is there any chance that the remote control ended up on the bed somewhere? I heard about a fellow in California whose cat a couple of times walked on the remote at 3-4AM, I think to try and watch documentaries about mice,fish, and interesting projects using string.

Otherwise, is your TV by chance a Samsung?

https://mashable.com/2013/08/02/sams.../#3MdquZXWGkqQ

Alan

Yes it and one of the other ones is a Samsung. No the remote was on top of the TV cabinet and we do not have a cat.

[Edwin Santos]

IMO, there are a few fairly simple and inexpensive steps one can take to improve their odds against the bad guys.

......

Hello Paul,
Thank you! This was the kind of feedback I was seeking. Much appreciated,

[paul cottingham]

Its not foolproof, but you can't get on my wireless without the MAC adress of the device being registered with my wireless router. Works pretty well. I also turn off SSID broadcasts.