Archive for February 1, 2021

Guest Post: ESET Discusses Safe Sex In The Digital Age

Posted in Commentary with tags on February 1, 2021 by itnerd

In the age of the Internet of Things, safe sex means more than just taking measures to protect yourself from STDs.

It also means ensuring your connected sex toys are protected from cyberattack, and that you are wary of scammers who have no concerns about taking advantage of people using online sites to find a love connection. More and more items from our everyday lives are being connected and automated — from kitchen appliances to lights to home entertainment to doorbells to vacuums, and now adult toys for the bedroom. 

In a time when pandemics and stay-at-home orders are keeping people apart, more are engaging in remote sexual engagements that take advantage of the technology. But be aware — if you are using a sex toy that is considered an Internet of Things device or uses Bluetooth technology, it can be hacked.

“There are literally thousands of connected sex toys in the market right now, but not all of them are safe,” says Tony Anscombe, Chief Security Evangelist with ESET Canada. “It is important that consumers understand that some things you maybe don’t consider IoT or Smart Home can have vulnerability or privacy issues. We should be cautious about everything we connect to the Internet, especially devices that are very personal and may be sharing extremely sensitive personal information.” 

ESET Latin America researchers Denise Giusto Bilic and Cecilia Pastorino investigated security flaws in sex toys, and discovered disturbing findings, including vulnerabilities to a so-called “Man-in-the-Middle” attack where an uninvited third party hijacks a Bluetooth signal to take control of a device, and storage of personal information — name and location, contact details, photos, videos, sexual preferences and perhaps financial data — that could be subject to a security breach.

The possibility of a stranger taking control of a remote sex toy also creates a new form of sexual assault as they are making unwanted intrusions into one’s sexual activities.

However, just like a condom can help stop the spread of STDs, there are protective measures people can take to ensure their sexual experiences stay between them and their partner.

  • Clandestine Account Information — Be sly when entering information to register and create an account. Use a fantasy name and create a new email address that cannot identify you. 
  • Be Discreet — If you are going to share images or videos, avoid sharing content where your face or unique markings can make you easily identifiable. And do not post remote control tokens on the Internet.
  • Keep it Updated — This goes for all of your Internet of Things devices, but ensure the firmware is updated. These updates often fix bugs and vulnerabilities to ensure the most current version is the safest. Many of th4se devices also connect though an app, which should be updated as well. 
  • Stay Close to Home — It is advisable to use connected sex toys in a protected environment — like your home where your personal network can provide an extra layer of defence against intruders. Public places like a bar or nightclub or areas where a lot of people are passing through — like hotels — are a big risk for unwanted exposure.
  • Test it Out — Before buying a connected sex toy, get on a search engine and see if it has been subject to security concerns in the past. It is also advised to download the app that operates the toy to get an idea of how it operates, what kind of information it collects and if it is secure. 
  • Authenticate — When researching your purchase, see if there is an authentication step. This will greatly enhance the cybersafety of the toy.
  • Provide your own Protection — Just like wearing a condom, provide your own protection when engaging with a connected sex toy by ensuring your smartphone is fully updated and has a security solution installed. Protect your home WiFi network with strong passwords, securely encrypted algorithms and regular updating of the router’s firmware.
  • Read the Fine Print — We know the tendency for everybody is to skim through any terms of agreement to get to the “Agree” button, but when it comes to connected sex toys, take the time to read the privacy policy. This should tell you what personal data is being collected, shared and stored.

“If you share something on one of these sex toy apps, at some stage it might become public,” says Tony. “So make sure it can’t be traced back to you in any way. The only safety you should be worried about is a safe word.”

Leave a comment »

Guest Post: 152 Election Apps Found To Be Dangerous, Recent Findings From Atlas VPN Reveal

Posted in Commentary with tags on February 1, 2021 by itnerd

The COVID-19 pandemic has forced many people to turn to the internet for information about the elections. Moreover, a large part of the population voted digitally. This shift created countless new attack vectors for cybercriminals. 

According to data presented by Atlas VPN, over 152 US election applications have infringement issues and 16 mobile apps have malicious code within them

In total, the research found 186 US election apps, out of which 152 were deemed fraudulent or malicious. Meaning, these apps claim to be authorized by the government or by the State, but in reality, they are not.

Rachel Welch, COO of Atlas VPN, explains why cybercriminals might choose app stores outside of the US to publish malicious applications:

“Application stores are spread all around the world and are subject to different rules and regulations. For these reasons, it is easier for scammers to release an unofficial service in one country than in another.

Not surprisingly, most election applications originate from within the US. The good news is that it is easier to submit a complaint and take down these malicious services if they are in the US. On the other hand, if the application is in a foreign state, it might prove difficult to take it down in a timely manner or at all. 

For example, 17 applications are placed in stores that are registered in Hong Kong. Similarly, 14 infringing mobile election services are available in China’s app stores or websites.

Also, 10 applications are distributed from Panama — a country with loose digital privacy regulations. 

Who’s the most vulnerable target? 

Which consumers should watch out for these threats the most? Firstly, the investigation reveals that most infringing applications are aimed at Android users, comprising 95.6% of the total dangerous apps detected.

What is more, applications are distributed throughout various app stores and websites. These distributors can be grouped into four main categories — official, secondary, affiliate, and hybrid stores. 

Official stores are authorized, large-scale suppliers. The main ones are Google Play Store, Apple App Store, and Samsung Galaxy Apps Store. 

Naturally, these stores have the best security practices. Research data uncovers the fact that only 1.2% of dangerous election applications are from official stores.

To find out the explanation and dangers of infringing applications, head over to: https://atlasvpn.com/blog/over-150-us-election-related-mobile-apps-found-to-be-dangerous-or-malicious

Leave a comment »