Is Your Smart TV Spying On You? (Hint: It Is.)

Frank DeLuca is a field technician for Tech Experts.

There’s a good chance your smart TV is spying on you. Smart TVs often analyze the videos you’re watching and report back, whether you’re watching live TV, streaming videos on a service like Netflix, or playing local video files. Worse yet, this can be a security problem.

Smart TVs not only usually have bad interfaces, but they spy on what you’re watching even when you aren’t using their “smarts.”

Modern smart TVs often have “features” that inspect what you’re watching and report it back to some company’s servers.

This data can be sold to marketers or it could be tied to you somehow to create a better ad-targeting profile.

In reality, you are not getting anything out of this as the TV manufacturer just makes some more money on the side by collecting and selling this data.

Smart TVs also have questionable security protections.

For instance, Vizio TVs were discovered to be transmitting tracking data without any encryption, so other people could possibly snoop on the snoopers. They also connect to a server without checking if it’s a legitimate server, so a man-in-the-middle attack could send commands back to the TV.

Vizio says it has fixed this problem and TVs will automatically update to a new firmware.

But are those smart TVs even checking to ensure they’re downloading legitimate firmware files with correct digital signatures?

Based on TV manufacturers’ cavalier attitude towards security in general, I wouldn’t bet on it.

To make matters worse, many smart TVs have built-in cameras and microphones. If the security is so shoddy in general, it would theoretically be possible for an attacker to spy on you through your TV.

What can you do to stop your TV from spying on you?

Just don’t connect your smart TV to your home network and you’ll be protected from whatever built-in analysis features it has and any security vulnerabilities that could be exploited.

If the TV is not connected to the Internet, then it cannot transmit data out.

If you have connected it to the network, go into your smart TV’s settings and disconnect it from the Wi-Fi. Don’t connect it to the network with an Ethernet cable either.

If you’ve already connected to the Wi-Fi network, try to get your smart TV to forget the password. If you can’t, you may need to reset it to its factory default settings. When you set it up again, don’t give it the Wi-Fi password.

This will also prevent your smart TV from embedding extra advertisements into other things you watch — yes, some Samsung smart TVs actually do that!

The best, most secure way to get “smart features” on your TV is by plugging in a streaming box like an Apple TV, Roku, Chromecast, Fire TV, video game console, or one of the many other devices that works better and should be more secure than your smart TV. In which case, that box can be connected to the Internet.

This is part of a larger problem with the “Internet of Things” that society is beginning to grapple with, which envisions modern appliances like your toaster, blender, microware, and fridge becoming “smart” and connecting to the network.

Most devices’ manufacturers don’t seem capable of (or are apathetic toward) creating software and continually updating it so it remains secure.

Smart appliances are great, but the reality of spying and security holes will be a serious problem.

What Can Companies Do To Prevent Privacy Violations?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Whether it’s physical, virtual, or in the cloud, discovering and blocking sophisticated threats in the network is at the forefront of every company’s mind.

However, businesses are finding that more and more data violations are taking place when network security centers on the edge of the network are not giving equal protection to the network itself.

Security at the perimeter of the network has received most of the attention from data protection companies.

What many internet service providers and businesses have neglected is protecting what lies within the network. What can your company do to solidify your network and protect you from hackers on the inside? [Read more…]

Windows Fall Creator’s Update: Breaking More Than It’s Fixing

Jason Cooley is Support Services Manager for Tech Experts.

Microsoft dominates the world of operating systems. Windows has been a part of our lives for years and some of us can’t remember a world without it.

Each time Microsoft rolls out a new operating system, it is updated and patched for years for various reasons.

Over the lifespan of a Windows operating system, there are various security updates perhaps more than any other type of update.

There are fixes for issues, whether that’s problems with Windows itself or interaction with other hardware and software.

Then there are the outliers: Windows feature updates. These updates typically introduce new features or changes to the core function of the operating system. Feature updates can improve the user experience for many people.

Windows 10 launched in 2015 and, like all of its predecessors, did not launch with perfection. There have been numerous updates of all kinds since its launch. Those security patches, hotfixes, and even a handful of feature updates had rolled out by October of 2017.

That is when Microsoft released the Window’s Fall Creator update. This update was going to create a better user experience. Personal connections were going to be easier to make.

A new application allowing you to resume work or browsing started on a mobile device like a smartphone on your computer was introduced as well. There were a few security updates as well.

All in all, the Fall Creators Update was going to fix a few bugs and introduce some quality-of-life improvements.

In previous versions of Windows, the updates were able to be shut off and postponed.

Large scale feature updates are known to have some complications when rolled out.

That is why these updates are not “pushed” when initially launched, but available to download as an optional update at first.

Upon this introduction window, there were, as expected, reports of problems coming in. What was not expected was the range of issues and the severity of some.

The first issue arising from the release of Windows 1709, the Fall Creators Update, was the update failing to install.

Many people reported issues of an error when attempting to install the update. The initial portion would install, but the finalizing of the updates upon a restart would fail.

If that wasn’t frustrating enough, if the update did manage to install, it was reported that the applying updates portion could take two hours (and in some cases as many as ten hours).

Then, let’s assume you got that far. Maybe you want to use Microsoft Edge, the Microsoft browser of choice. With the 1709 update, many users found that Edge was essentially broken. It would crash repeatedly.

Then, bring in the numerous broken drivers. Imagine an update breaking your Ethernet adapter. It happened. Applications disappeared, began opening on their own, and in some cases just didn’t work. The problems continued to roll in.

Many of these issues were resolved in a timely fashion and some were not. In mid-January, Microsoft declared the Fall Creators Update ready for business. This means that the update would be pushed out to anyone that was not already using it.

After 3 months, many issues were still present and others would soon be discovered.

Many users of corporate software and other specialty software were surprised by software that no longer worked. In some cases, the suggested fix was to roll back the update, which will force itself to reinstall shortly after.

There have been some big patches to fix these issues since January and I’m hoping that in another three months Microsoft will have all of these issues resolved.

Five Ways To Prepare For, Respond To, And Recover From A Cyberattack

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

When we asked businesses about cybersecurity threats, breach points, policies, company readiness, and recovery, we were surprised at the responses that we received.

The most frightening response of all was the following: “We have no formal process for assessing readiness to deal with a cyberattack of any sort.”

Hindsight is always 20/20 – how many times has something happened that you could have and should have prevented?

Here are five ways to prepare every company for a cyberattack:

[Read more…]

The Best Ways To Deal With Security Threats

Jason Cooley is Support Services Manager for Tech Experts.

Only several weeks into 2018 and computer security has been a huge topic of discussion.

The Meltdown and Spectre discovery at the beginning of the year put people on notice. Any device with a modern processor could have potentially been affected.

While wide-scale vulnerabilities like Meltdown and Spectre are not common, it has brought some much needed attention to the potential of an attack.

Security vulnerabilities happen in many different ways, through different methods. There have been both hardware and software related issues that could have left a person open to an attack. Designed to steal data or infect your system, neither are hassles that anyone wants to spend time dealing with.

Hardware vulnerabilities are fewer and farther between when compared to software issues.

Software always has updates and upgrades or new programs for new uses. Because of the nature of software in a traditional Windows setting, many programs have access to file systems and other sensitive system information.

Have you ever installed software of some sort? Do you recall being prompted to allow the software to make changes to your computer? These privileges, while necessary to run the software, give the software the right to access and make changes to your system.

Typically, this is fine, especially with a trusted software company behind what you are using.

It would be nearly impossible to examine all potential areas of a program to see if there was any possible flaw or vulnerability that could be exploited.

Coding for software can get very in-depth and there are millions of characters involved.

As with all technology, it is constantly changing. A message telling you “software updates are available” is almost certainly something you have seen before. These changes can add functionality, but a lot of times, they are doing so much more.

Take Windows, for example. With millions of devices running on some version of Microsoft’s operating system, finding Windows security vulnerabilities are a priority for developers and the people behind the malicious attacks alike.

Microsoft is a tech mainstay, and one of the biggest players in business, and they are definitely not immune to having flaws that could leave you at risk.

There is good news, however.

Microsoft is constantly updating and patching their operating systems to close any potential flaws that are discovered. Those “annoying” Window’s updates? They are potentially protecting you from data theft.

Does waiting on updates when turning on your computer leave you feeling frustrated? That update may save your computer from malicious software.

Hackers and others behind malicious activities and data theft often find new ways in on existing systems, making updates necessary to fix the newly discovered flaws.

When it comes to security, the best thing for you and your computer is to stay up-to-date on those security updates and patches.

This creates a problem for older operating systems. When Microsoft stops updating an operating system, any discovered flaws remain unfixed. This has recently happened with Windows XP and Windows 7 will soon join the list.

Also keep in mind that out-of-date web browsers, such as Google Chrome and Microsoft Edge, can leave you at risk. Productivity software, like Microsoft Office, because of the way it operates and accesses both the system and network, has great attack potential when not properly updated and patched.

So, outside of the operating system, what other software should you keep up-to-date?

All of it. It is definitely better to be safe than sorry when it comes to your computer and personal data, so play it safe and keep it up-to-date.

Meltdown and Spectre: Protect Yourself With Updates

Jason Cooley is Support Services Manager for Tech Experts.

As I am writing this, it has been about a month since news broke of Meltdown and Spectre, two separate vulnerabilities affecting nearly every smartphone and PC in use today. It affects all modern processors – which encompasses a whole lot of users.

Meltdown and Spectre are different fundamentally, but they use a similar vulnerability to do different things. So what are the differences?

Meltdown breaks the isolation between user applications and the operating system. This allows a program to access the memory and, therefore, the processes and data of the software, even when it is not authorized to do so. [Read more…]

Windows Updates: Allow Them, Don’t Block Them

Ron Cochran is Help Desk supervisor for Tech Experts.

One of the first things you should do when purchasing a new computer (or rehabilitating an older computer) is to make sure the operating system is up-to-date with the latest security patches. In some cases, people disable the automatic updates and this can cause a whole host of issues.

Microsoft regularly puts out security patches, as well as other patches for their software. These patches are applied through the automatic update process. When that process is disabled, this means your computer hasn’t received the latest updates from Microsoft. Because your updates are halted, the system vulnerabilities that Microsoft engineers have found have not been repaired on your system.

You may remember the WannaCry Ransomware attack or, by now, heard of the most recent news of the Intel CPU flaw with Meltdown and Spectre. These two vulnerabilities, if exploited, can wreak havoc on an affected computer.

An affected system could suffer circuit issues, data corruption, system instability, and even data theft. There are always going to be people doing nefarious things when it comes to computers and the Internet, but the engineers behind your operating system and your antivirus company will always be on top of a fix for the vulnerability as soon as it is discovered.

Did you know that Microsoft releases most Windows Update patches on “Patch Tuesday” – the second Tuesday of each month? This keeps automatic system reboots to a minimum and also assists managed service providers like Tech Experts in ensuring that all of their clients’ servers and workstations have the latest software and security patches installed.

At home, you can set your Windows Updates to the “Automatic” option. That way, your system will automatically check for Windows Updates every 24 hours or so if the computer is connected to the Internet.

If you’re thinking to yourself, “I just use my home computer for browsing DIY pages, listening to music, and sending emails. Why would anyone want to get into my computer?,” reconsider how much personal information is actually stored.

It may seem as though your computer wouldn’t hold much useful information, but a hacker only needs a few passwords, an email address, phone number, and address to potentially gain access to cell phone accounts, shopping site accounts, tax information, and even banking and credit card accounts.

Even if the hacker isn’t looking for personal information like that listed above, they could still use your computer to send spam emails to other computers all over the world, slowing down your computer and Internet and causing a whole slew of issues for other computer owners.

Keeping your operating system up-to-date with the latest updates and security patches, keeping your anti-malware and anti-virus software updated and running on a regular basis, and adding robust security settings to your router and firewall will help keep all of these vulnerabilities behind closed doors. At least, until the software engineers can create and deploy the patches and updates to block access to them.

Important Aspects of Cybersecurity

Evan Schendel is a help desk specialist for Tech Experts.

In this age where dangers lie around every digital corner on your computer, what could possibly keep everyone safe and secure?

Cybersecurity experts are the first line of defense and are quite good at holding that line. These experts protect many fields ranging from hardware and software to sensitive data and financial information, even users themselves.

Hardware and Software

The maliciousness of viruses can cripple whole systems and a countless number of links or applications can deliver dangerous viruses or malware. These viruses and dangers evolve every day.

Hardware can be manipulated by vulnerabilities and exploitations as well. Without intention of frightening you, each part of your computer could be of interest to the right person, as the recent Meltdown and Spectre issues have shown. It isn’t simply your operating system or data that can be affected.

This constant cycle of attacker-and-defender leaves thousands of unfilled jobs for cybersecurity and the protection of devices. If these jobs were not filled or properly trained, computer systems across the world would fall prey to hackers. However, your device itself is not the only thing that can be harmed.

Sensitive Data and Users

When unauthorized hands gain access to personal information, it can lead to disaster. A person’s financial and personal data is important and the people who protect that data are far fewer than those seeking it out.

Anti-virus programs are made by people who know viruses well, often those who had created viruses or malware prior to their more noble ventures.

These should always stay updated and definitions for these pieces of software tend to be updated with frightening frequency. Staying up-to-date on malicious software and code is the only real method of stopping it, after all.

Systems administrators also have the need for people who can spot discrepancies or potentially malicious actions in their networks and keep standards up to snuff. Passwords and safety precautions must be set to a standard that is important to follow and uphold.

Information over the phone can also be an issue, as many users have trouble distinguishing a scammer from a legitimate caller. This is where education and prevention come in.

Educating people about how potential scammers may work is one of the most important aspects in preventing unsuspecting folks from giving their credit card information away, or worse.

Preventing these scammers from calling thousands of people a day is also of utmost importance, but requires experts and trained technicians (even the government, in some cases) to crack down on these cyber criminals.

Lastly, the most vulnerable aspect of a computer’s security is, unfortunately, the user. Tricky emails and legitimate-looking sites can be incredibly tough to distinguish from the original product. Most wouldn’t even suspect such an uncanny replication.

This is where user error molds with a criminal’s savvy nature. If this sounds unrealistic to fall for, then it’s even better, but more times than not, someone will fall for it – even the experts can be fooled by sophisticated trickery or maybe a simple lack of awareness. Luckily, if this is the first issue, the other sections can come into play and protect your systems and yourself from being subject to data loss or cyber-thievery.

Cyber Security: How Safe Are You?

Jason Cooley is Support Services Manager for Tech Experts.

In 2017, Equifax, one of the largest credit bureaus in the US, suffered a data breach that exposed the names, Social Security numbers, date of birth, and some driver’s license numbers for 143 million people. An additional 209,000 people also had their credit card information exposed.

The attack was discovered on July 29th, but according to Equifax, the breach began sometime in May.

Let that sink in. One of the companies that rates credit scores and stores tons of financial information, had their data stolen for months.

Some would think that the larger the company (especially with sensitive data), the better the security. That isn’t always how it works out.

eBay, the online giant, is not immune. In 2014, 145 million user accounts were compromised.

The list goes on, and it contains some pretty big names. Target (2013), JP Morgan Chase (2014), The Home Depot, VeriSign, and even Sony’s Playstation Network (2011) have all suffered at the hands of hackers.

Don’t panic just yet, though. There are many things to consider when it comes to data security. From businesses to your personal data at home, we all obviously want to keep our private information private. While there is no foolproof way to keep yourself safe, there are some things that you should know.

 This isn’t a movie.

The Hollywood portrayal of hackers is over-the-top for many reasons. Having one person just sitting around and deciding, “Well, I think I will hack the government or this bank,” isn’t a realistic vision of reality. Most of these data breaches come due to an unknown security vulnerability. Then groups of people will try to exploit this vulnerability.

There are different needs for everyone.

While cyber security can affect everyone, you shouldn’t be overly afraid as an everyday consumer. Most well-known websites are secure and checking out with personal information is often doubled down with extra security.

Still, if you are uncomfortable, use a wallet site, such as Paypal. More and more websites offer these types of payment options, putting down yet another layer of safety to keep your financial information safe.

What about my business?

 That greatly depends on what kind of business you have. If you have a convenience store, there’s a pretty good chance your credit card processing is the only issue with data you’d ever have. Since this is typically handled by a vendor, you don’t have nearly as much to worry about.

Now, if your company stores any sensitive data (especially the personal information of others), you are going to need to step up the security.

How much do you have to lose?

 This isn’t a trick question. Really, how much do you have to lose? Financial information? Client information? As bad as it is to have your data compromised, if you run a business that deals with any sensitive customer or client information, you should not only be careful, but you should be protected.

A managed service provider, like Tech Experts, can help maintain your network and data security. This may include firewalls, blocking specific websites, and running routine checks of the security. Sensitive data, like data that can be used in identity theft, should be protected proactively. You can’t save it once it’s been taken.

Yahoo! And The Hack Heard ‘Round The World

Evan Schendel is a help desk specialist for Tech Experts.

In the age of Russian super-hackers and nationwide credit reporting agencies with pitiful security, what could be safe? One thing is for sure – not Yahoo!.

In September of 2016, Yahoo! released the news that 500 million accounts were hacked in the latter half of 2014. That news severely impacted Verizon’s business deal to buy them out, but they only lowered the price by $350 million USD to a total of $4.48 billion USD.

Three months after this business deal was done and the prior hack had been announced, Yahoo! let the nation know that approximately 1 billion accounts had been hacked in 2013. Verizon was not pleased, to say the least.

Just recently, Yahoo! released even more grave information.

In the earlier part of October, Yahoo! bumped the number of affected accounts up to 3 billion. This estimate encompasses every single Yahoo! account, including its subsidiaries like Tumblr and Flickr. That is a lot of data – and if you had any accounts (even unused) linked to these websites dating back to 2014, you could have even had the information sold.

The cybersecurity firm InfoArmor has reported some of this information has been sold on the dark web, a small part of the web not indexed by search engines.

The group selling this information has sold the data to three sources, two of which are known spammers. All paid upwards of $300,000 USD.

With this information, reused passwords from past accounts can be the largest risk, as many people recycle the same password(s) for all of their various online accounts. While no financial information was stolen, security questions, dates of birth, and backup emails were taken.

All of this can be used for not only breaking into the Yahoo! account in question, but also any other accounts with similar information.

A good course of action from here on would be to, as you should, never reuse passwords, and change any existing passwords you feel might be in danger. Ensure that no shady happenings have occurred with any accounts, up to and including bank accounts.

The information sold was reportedly utilized to spy on a range of US White House and military officials, alongside Russian business executives and government officials.

With this information kept in mind, a document was released stating that four men were indicted, two of whom were Russian intelligence officers working for the Russian Federal Security Service. Which is, ironically enough, an agency dedicated to aiding foreign intelligence agencies track cybercriminals.

To finalize, remember to keep safety measures on all your accounts and protect yourself from email fraud or spam to the best of your ability. Only sign up for accounts on legitimate websites and, when you do create an account, use a unique password for that site. For sites with sensitive information, elect to use two-factor authentication when possible.

That way, when a company’s security is pushed back in lieu of other things, you can serve as a second defense for yourself.