Welcome! IoT hardware makes your Business Vulnerable plus more on Tech Talk with Craig Peterson on WGAN

Craig Peterson - America's Leading Security Coach

Release Date: 09/11/2020


Welcome!

Craig discusses IoT hardware and how these gadget-y devices can put your business at risk. Listen in to find out why.

For more tech tips, news, and updates visit - CraigPeterson.com

---

Read More:

iOS 13.7 launched today with a new system for battling the pandemic

Hackers are exploiting a critical flaw affecting >350,000 WordPress sites

The accidental notary: Apple approves notorious malware to run on Macs

Most IoT Hardware Dangerously Easy to Crack

55% of Cybersquatted Domains are Malicious or Potentially Fraudulent

Feds Can’t Ask Google for Every Phone in a 100-meter Radius, Court Says

The Hidden Cost of Losing Security Talent

 

---

Automated Machine-Generated Transcript:

Craig Peterson: [00:00:00] Sometimes it seems like the easier things are the tougher they are. And man is that true according to this new study we're going to talk about right now when it comes to these wonderful little appliances we have.

Hello everybody. Craig Peterson here. Thanks for joining me. I enjoy being here on the radio answering questions. I got a lot this week. I got dozens of them, so that's wonderful. Keep them coming in. I pick the best ones for what we call our newsletter. That typically goes out Saturday mornings. Again, it depends on what our weeks are like. Getting those out and I try and answer them there.

That's part of what we're going to be doing. Midweek, starting next week, we're going to be sending out these little emails, a long tail thing, explaining a specific topic. Something you can read in just a few minutes and get something out of.

We want it really to be transformational. If you can do that in three minutes. We have been transforming our lives in a lot of ways. Many of us, of course, have been using computers for decades now. We've been using these smart devices for at least a decade. Before I had my first Android smartphone and my first iPhone, I had the Palm Pilot phones and just what I could do with my Palm. It was just absolutely amazing.

Do you remember Handspring and some of these other guys? There are just so many wonderful things we could do with them. The Apple Newton, which never really hit it off, it was very expensive. All of these devices were designed to make our lives a little bit easier and they all required a lot of intelligence.

Now we have devices pretty much everywhere. I was going to say, come out of our ears, but that's true too. When it comes to hearing aids, these extremely small devices that have embedded computers, a whole computer system. Now when you're trying to manufacture something like a light bulb that has smarts in it, it might be smart to be able to change colors. It might be smart to get on a network and accept a remote control code. It might be some smarts that are just designed to make the whole house easier. You turn on a movie and automatically the lights in the room dim, the surround sound turns on. Just everything happens for you automatically.

These are all being done with these various small, hopefully, easy to use and install devices. But the problem that we've been noticing is that, wow, wait a minute. Now, none of these devices were really designed with security in mind, and in order to keep the costs down, they have to really strip those operating systems bare.

So there are versions of Linux, many of them now, that are just very stripped down. The same thing's true with BSD Unixes, which are used in a lot of these internet of things devices, and the idea is to get it small, get it simple. So that we don't have to provide them with a big computer or a bunch of computing power.

We can just do it simply. Get that information together, put it out there for the people to use. So what's that information? As I said, it can be almost anything. It's about the internet of things. Now, because they have cost reduced all of these devices all the way to just out saving a fraction of a penny on each board. Remember they're making these things by the tens of thousands and ultimately by the millions and billions, at least that's the plan, that's what 5G has been designed to help handle. They have a whole problem when it comes to what we in the industry might call root-level access.

We've got a security researcher out there who presented over at the Okta virtual Disclosure security conference last week that most of this internet of things hardware is dangerously easy to crack and completely take control of. Then they use it for malicious purposes.

The federal government has really cracked down now on anybody that's not just a direct contractor with them, but a subcontractor. We're seeing this all of the time. We're helping businesses. These enterprises that are making things, everything from a cable harness through power supplies, through control systems and control circuits. That now as of mid-August, this year, have to get rid of everything that's in their buildings that do not meet these new CMMC and other standards.

So things like the security cameras that you might have right there. Weren't they real cheap, like the Hikvision stuff, right? Heck, you could just go to any big-box retailer and buy Hikvision. Hikvision is illegal to have in the building. You used to be able to separate the network. So you could say, yeah, my Hikvision security cameras are on a different network than my Chinese-made telephone voice over IP system, which is on a different network than my computer systems. You can't do that anymore. It has to all be gone. Why? It's because none of those systems meet the minimum security requirements.

If we go into a place that is just, for instance, we just picked up another client that's a pizza shop. They're doing really well because of the COVID thing, because people are ordering pizzas, they are being delivered to people's homes and they're just raking in the dough and they were having some problems. So they had us come in.

What was the problem? In their case, they found out that they were about to be audited by our PCI friends. PCI, that's the payment card industry folks. So if you accept credit cards, you now have PCI obligations. What are those obligations or what do you do? How do you deal with those? In their case, it turned out, okay, that for whatever reason, their credit cards had been stolen, the credit card information. It could have been a skimmer. We walked into and did a security audit on this chain of restaurants. Pretty big chain here in my home state. We had to poke around. I could not believe it, they had for all of the waitstaff, Android tablets. The Android tablets were all in developer mode, full access to everything on the tablet, including the card reader, that PCI non-compliant card reader. It's great for the servers because they come up, they take the order on this Android tablet, and then at the end of the meal, they just swipe the card in the side of the tablet. Wow. Isn't this just wonderful? Because of the way the software was being run and being used, anything malicious could be installed on that unit that was being carried around by the waitstaff. All the waitstaff had to do was put something on there that just read the credit card numbers as they were being scanned or copied all the information from the transactions and ta-da, they now have money in their pocket. That happened here in my home state again and it's happening in yours.

Believe me, Wendy's is where this one was and they ended up having people go to jail over that one. This pizza shop. We went in there, they had credit cards, apparently stolen, and that's why they were getting a PCI audit. They brought us in a week before the audit was supposed to happen. We had a look and yes, indeed their equipment had been compromised. It's like I say, all of the time. We never have gone into a business and found that their security is up to date. Every machine we've looked at has had severe security problems and in every case where we've gone in and it's a government subcontractor of some sort. Every case we have found Chinese back doors and other, very malicious software on it. What does that mean to you a regular, a home person, right? Home user. What does it mean to you as an enterprise business, an organization, tax-free whatever you might be?

It means that this internet of things hardware, whether it's things like the Hikvision cameras that can't be used anymore, legally anyways, for DOD subcontractors on any network on any piece of equipment, or our voice over IP phones that are being hacked, or the pizza shop whose POS system had been hacked. What are you doing?

It's across the board for everybody. So Marc Rogers is this white-hat hacker who presented at the Okta virtual Disclosure security conference. He was saying that these devices we're hooking up to our networks have weak to no protections at all against attacks. Against the firmware on the devices, against the software that's running on the devices, et cetera.

He claimed he's able to gain complete root access, root-level access means that he can do anything he wants on the machines, including the ability to reflash firmware. In other words, put his own software on the device on 1,012 devices that he's tested.

And going back to this chain restaurant that we tried to help out and they decided no we're all set. Na-Na right fingers in the ears. We could have easily and so could their waitstaff have completely hacked any of these devices. None of them, none of it was probably protected. It's just shocking to me. It is shocking to me just continually.

The issue with all of these systems, and this is true of almost every internet of things device out there, is that most of the proprietary information about the devices, including their certificates or keys, the communication programs or protocols, is stored in poorly secured flash memory.

You think of your flash memory like a hard disc drive, but there are no moving parts in it. Anyone with access to these devices, anybody with some basic knowledge of hardware hacking, even basic software hacking can access the firmware, look for data, including vulnerabilities. We've seen that happen before where security cameras are being used to launch attacks against the rest of the business and it includes DOD contractors, and it includes restaurants. We're seeing that every week.

Be very careful. I'm not getting into the details of how they're using UART and JTAG routes to get into them. But this is a real problem, everybody.

So again, be careful. The best stuff out there right now when it comes to the internet of things, to smart devices, to these speakers that you can talk to is, now, I'm going to sound like a broken record, but it's Apple. The Apple devices, the Apple speakers, all of that stuff tends to be more expensive, but it is well engineered and they do seriously consider security as part of all of this.

Well, there's going to be a lot more, go online, and stick around.

You're listening to Craig Peterson here and WTAG we'll be back.

After the top of the hour, we'll be talking about the Cybersquatting offense. Asking Google for phone information and more stick around. We'll be right back.

---

More stories and tech updates at:

www.craigpeterson.com

Don't miss an episode from Craig. Subscribe and give us a rating:

www.craigpeterson.com/itunes

Follow me on Twitter for the latest in tech at:

www.twitter.com/craigpeterson

For questions, call or text:

855-385-5553