• FREE Shipping & Insurance on Orders Over $500
    FREE Shipping & Insurance on Orders Over $500
back to top

Don’t Hide Your Gold Coins Where Your Thermostat Can See - John Rubino (21/3/2017)

March 21, 2017

Back in the 1990s when businesses started going online they frequently didn’t realize that their new networking gear came with simple default passwords like “admin”. So a whole generation of early hackers simply scanned the web for companies that had inadvertently exposed themselves in this way, siphoning off (probably, no one really knows) billions of dollars and causing various other kinds of mischief.

Now that process is repeating with the Internet of things (IoT). As pretty much every device in homes and businesses is imbued with sensors and connected to internal networks and/or the broader Web, hackers are exploiting the many resulting vulnerabilities.

But this time around it’s personal, as formerly innocuous things like TVs, phones and thermostats gain cameras and microphones, creating all kinds of privacy issues – some of which are potentially (and catastrophically) financial. Here’s a sampling of what appeared on the subject in yesterday’s Wall Street Journal:

What’s Attacking the Web? A Security Camera in a Colorado Laundromat

While Bea Lowick’s customers were busy folding clothes last year, the security system at her Carbondale, Colo., laundromat was also hard at work.

Though she didn’t know it, Ms. Lowick’s Digital ID View video recorder was scanning the internet for places to spread a strain of malicious software called Mirai, a computer virus that took root in more than 600,000 devices last year.

Ms. Lowick, 59, said she wasn’t aware the device was doing anything other than acting up. Her remote-viewing app kept disconnecting. She was able to reconnect it by restarting the digital video recorder.
“I would have to go in and unplug and plug in the DVR” to fix it, Ms. Lowick said, adding that she didn’t know that unwanted software was to blame.

The culprit went unnoticed because Mirai usually doesn’t take full control of its hosts but rather uses their computing power to attack websites, many of them halfway around the globe. Most victims aren’t aware they are infected. Researchers at two independent security firms confirmed a device using the laundromat’s internet address hosted the virus.

Bill Knapp, who installed the laundromat’s surveillance system, said he learned of the virus after being notified by a reporter.

“One of the hardest parts of this business is that everyone loses their passwords,” said Mr. Knapp, owner of Security Solutions LLC. When Ms. Lowick forgot her password, he said, Digital ID View would reset the DVR to its default password, “123456”—a weak but common option that opens the door to attackers.

A wave of inexpensive webcams, thermostats and other internet-connected devices are hitting the market, many of them carrying minimal safeguards against remote hacking. Hundreds of thousands of these machines already host malicious software, unbeknown to their owners.

Security researchers are constantly finding new flaws in connected devices. Some allow voyeurs to peer into internet-enabled cameras. Others give hackers a jumping-off point to infect nearby computers where bank-account information and other sensitive data can be pilfered.

Newfound Bugs Expose Webcams’ Vulnerabilities

Researchers in recent weeks discovered a laundry list of vulnerabilities that leave web cameras and digital video recorders open to hacking, often because the devices continue to run outdated software. Earlier this month, independent security researcher Pierre Kim named seven bugs afflicting more than 1,200 webcam models, allowing attackers to bypass firewalls, log into the devices with a preprogrammed “backdoor” account or watch a live stream of the cameras without signing in at all.

Mr. Kim advised owners of the affected cameras to immediately disconnect them from the internet, noting that hundreds of thousands of the devices are vulnerable to one bug and millions more could be accessed through another security flaw.

Manufacturers are expected to add another 2.5 billion connected devices, from laptops to lightbulbs, to the market this year, according to IHS Markit Research. Many are programmed to download the latest security updates out of the box, but others require their owners to do it manually.

To summarize, in today’s world pretty much everything could be watching you and sharing that data with governments or hackers. And as embarrassing as it might be to have videos of your private habits appear on YouTube, having your finances compromised might be a lot worse. What if, for instance, your laptop watches you sign into your online broker, or your thermostat sees where you hide the next batch of silver coins?

The upshot: You can save lots of money and invest it brilliantly — and still lose it to this new generation of predators. There are, however, some basic precautions that will help. Also from yesterday’s WSJ:

How to Secure Your Smart Home

Spotting computer viruses is getting harder as threats spread from well-protected PCs and phones to cars and household appliances with fewer safeguards. Experts say it’s hard for consumers to detect all viruses, but users can still follow a few low-tech steps to protect their homes. Many computer viruses found on home routers, digital video recorders and cameras won’t survive a hard reset. That is because the unwanted software lodges itself in the machine’s temporary memory banks instead of its permanent storage. Powering off the machines if you suspect an infection can help clear the most basic malicious software.

Quarantine Before Curing

Malware can reinfect clean devices in seconds, so it is important to sever the machines’ pathway to the internet before restoring power. You can still access the equipment’s login screen over home Wi-Fi, but first you should disconnect your Wi-Fi from the internet to prevent instant reinfection. And many devices don’t need go back online to work, even if they’re internet capable. “Pretty much, if you don’t need it or aren’t using it, don’t be afraid to turn it off, mute it or unplug it,” says Yolonda Smith, product manager for security firm Pwnie Express.

Fix the Password

Before restoring internet access, use the machine’s control panel—accessible over Wi-Fi from any nearby laptop or desktop—to reset the password. Some of the most powerful computer worms spread by exploiting devices’ default credentials, which can be “admin” and “12345.” A unique username and password will protect the machine from many of the threats plaguing the internet.

Stay Up-to-date

Most responsible manufacturers offer software patches once they’re aware of a security vulnerability, but many companies leave it up to the user to take the initiative. If a company offers smartphone- or desktop-management software, download it and make sure automatic updates are enabled. Steer clear of any internet-ready device that isn’t able to patch itself.

Batten Down the Hatches

Home routers usually ship with a preinstalled firewall—an electronic barrier that filters unwanted internet traffic. But not all firewalls are of equal strength. Many homeowners can tweak their router or modem settings to apply stricter rules to suspicious internet traffic. If you’re very worried, you can buy specialized firewall equipment, which has come down in price in recent years.

John Rubino runs the popular financial website He is co-author, with GoldMoney’s James Turk, of The Money Bubble (DollarCollapse Press, 2014) and The Collapse of the Dollar and How to Profit From It (Doubleday, 2007), and author of Clean Money: Picking Winners in the Green-Tech Boom (Wiley, 2008), How to Profit from the Coming Real Estate Bust (Rodale, 2003) and Main Street, Not Wall Street(Morrow, 1998). After earning a Finance MBA from New York University, he spent the 1980s on Wall Street, as a Eurodollar trader, equity analyst and junk bond analyst. During the 1990s he was a featured columnist with and a frequent contributor to Individual Investor, Online Investor, and Consumers Digest, among many other publications. He currently writes for CFA Magazine.

The author is not affiliated with, endorsed or sponsored by Sprott Money Ltd. The views and opinions expressed in this material are those of the author or guest speaker, are subject to change and may not necessarily reflect the opinions of Sprott Money Ltd. Sprott Money does not guarantee the accuracy, completeness, timeliness and reliability of the information or any results from its use.

Don’t miss a golden opportunity.

Now that you’ve gained a deeper understanding about gold, it’s time to browse our selection of gold bars, coins, or exclusive Sprott Gold wafers.

About Sprott Money

Specializing in the sale of bullion, bullion storage and precious metals registered investments, there’s a reason Sprott Money is called “The Most Trusted Name in Precious Metals”.

Since 2008, our customers have trusted us to provide guidance, education, and superior customer service as we help build their holdings in precious metals—no matter the size of the portfolio. Chairman, Eric Sprott, and President, Larisa Sprott, are proud to head up one of the most well-known and reputable precious metal firms in North America. Learn more about Sprott Money.

Learn More

Looks like there are no comments yet.