Free songs

Home

Risks of “Cutting the Cord”: Home Security, Thieves & Cell Phone Jammers

Cell phone jammer with 20 meter range

I hear a lot about people “cutting the cord” stating they are free from their wired line and more disturbing is the fact they brag about this online via social media to the public. This puts people at significant risk, risk that many are not aware of. Potential thieves or home invaders now know a key weakness and if they are even a little smart can have an advantage when they invade your home. Cell phone jammers although illegal are still easy to come by.

Cell phone jammers can be purchased online and the sites selling them have ways of shipping them to US residents, even though they are illegal. Using a cell phone jammer can get you a $20K fine or worse. However if a criminal can buy an unlicensed firearm getting their hands on a cell phone jammer is not difficult.

If a thief or home invader enables one of these devices from outside your home, your phone will no longer be able to get a signal and you will not be able to call any emergency numbers for assistance. Many of these jammers will also disrupt Wi-Fi so all communication can easily be disable inside of a home with the flip of a switch on these devices.

Although more and more people are “cutting the cord” this also raises challenges for traditional alarm systems which rely on land lines. If a land line is cut, this usually triggers and alert at the alarm monitoring station. Nowadays alarms have the option of being wired through an internet connection, or use cellular connections. However, these two newer methods have issues,  if the Internet or cellular connection goes down the alarm provider is usually not alerted. A thief can easily cut the Internet connection from outside of a house and we have seen what is possible with a cell phone jammer.

Many carriers are selling additional home automation and security devices and services ranging from alarm systems, cameras and locks. However, one has to wonder how well these devices and security measures function when a jammer is introduced to the mix. I asked an AT&T representative this and he just said that “cell phone jammers are illegal so you won’t need to worry about that,” well fully automatic AK-47s are illegal too, but that doesn’t mean criminals don’t have them.

I don’ want to scare anyone into not cutting the cord, but people do need to be aware of these additional risks and plan accordingly. Also if you do cut the cord it is not a good idea to share this on social media, just the same as it is a bad idea to tell the world you will be on vacation for the next few weeks.

Prodigy/Telmex E-Mail Vulnerabilities Exposes Thousands of Accounts and Puts Millions At Risk

Over the past few weeks I have been working with  El Economista on the discovery and disclosure of a massive security hole in Prodigy’s  (Telmex) mobile email and web based mail systems in Mexico.

The hole has exposed at least several thousand email accounts, even enabling the indexing of email accounts and messages by Google and  putting all Telmex customers who have an email on the Prodigy.net.mx and several other domains at risk.

Read More»

Digital Privacy Isn’t Taken, It Is Given Away

Open Source Data & Surveillance

With the Edward Snowden privacy leak there is an important factor that is being missed. It isn’t the government agencies that collect the data, they are merely consumers and harvesters of it. The data comes from corporations that have been collecting this it for years, data that we have given them freely in exchange for convenience and vanity. We are the victims and the perpetrators.

Read More»

Senate Cyberstalking Bill To Close Privacy Loophole

Today the Senate Judiciary Committee is set to approve legislation sponsored by sponsored by Sen. Al Franken, D-Minn. that would block a loophole for “cyberstalking apps”.

Read More»

ToorCamp 2012 – Tracking Technology, Forensics and Privacy

My presentation from this summer at ToorCamp, probably the most fun you can possibly have at a security conference. I learned tons.

Read More»

Vice.com Publishes Exclusive with John McAfee Reveals Location In iPhone Metadata ( EXIF )

Update: It looks like McAfee really is in Guataemala and has hired an attorney in the country. ( looks like our friends at Vice.com learned a lesson, they removed the EXIF data )

Vice.com published an exclusive story titled “WE ARE WITH JOHN MCAFEE RIGHT NOW, SUCKERS” where they talk about travelling with him for the past four days. The problem is that the photo they posted was taken with an iPhone with geolocation data embedded in it. The original photo was taken down and replaced with a version that has data stripped, however I was able to grab the original, I ran it through EXIFScan and sure enough the GPS coordinates were intact possibly revealing John McAfee’s location in Río Dulce, Guatemala.

Read More»

Mobile Penetration Testing: There’s An App For That

When most people think of penetration testing, they think of a simulated external attack where the tester tries to break into a network from a remotely.

Companies focus most of the security spending and policies on keeping hackers from the outside in, from firewalls and other security hardening appliances, software and tools.

Read More»

Ignite Portland 11: Pwnd By Devices

My Ignite Portland presentation “Pwnd By Devices”…had a blast doing this, even though it was freaking hard:

Read More»

Anonymous vs GoDaddy: Social Media As Social Engineering

When GoDaddy’s services went down last week there was instantly speculation that Anonymous had something to do with it. The fact that the group has been responsible for a number of high profile hacks leads many to think that any hack or data breach has something to do with the group. When GoDaddy’s services went down and an Anonymous member claimed responsibility many in the press didn’t even blink and accepted the claim as fact. Even journalists who should know better to check their facts were citing Anonymous claims as fact, or at least helping to distribute the claims to the masses.

Read More»