“Everyone talks about protecting themselves at work, but what about at home?”
Mike Muscatell asked a pointed question of his peers at SecureWorld Charlotte this week.
The Sr. Information Security Manager at Snyder’s-Lance has been part of the regional cybersecurity conference for seven years now.
And during this session, he looked at how much information we may be giving away without thinking about it.
Things that could make us a target for cybercrime.
The “smart home" system that gave its owners away
Muscatell went on the hunt for information.
He used a fee tool to scan for internet connected devices that were sending unencrypted information.
Boy did he find it.
“I easily found a signal for a smart home system that was broadcasting to the web. The system told me that the homeowners had solar panels, a geofence setup for their dog and the dog’s name, gave insight on the devices being used inside the home, and the system’s latitude and longitude.”
He then entered the system’s latitude and longitude into another program, which narrowed the location down to a street of row-houses.
A quick online search revealed the final necessary detail: only one home had solar panels on the roof.
All that for what Muscatell says was just a few minutes work.
It’s the kind of info hackers could use for a spear phishing attack. Or more.
Muscatel’s advice: “Next time you have IoT devices installed at work or at home, ask the vendor if they have turned on encryption.”
Where is your biometric data going?
He also spent time on biometric data, which is increasingly being collected from us.
“If your business uses biometric data around timeclocks or IoT devices, where is it going? Is it being stored securely?
The Privacy Professor told us at SecureWorld Detroit it is a mystery what is happening to much of our medical data.
He also looked at terms and conditions for one of those DNA testing services.
“You’re selling your genetic map,” he says.
And reminded the audience about an important point: “If a bad guy wants your biometric data, he doesn’t need your actual fingerprint, just the data that represents your fingerprint. It will be unique, one of a kind.”
One of a kind data, that is likely being shared more than ever before.