Do I have to seal the webcam and stop monitoring Google?

Why a two-factor authentication and a PIN code on a SIM card?

Billions of Internet users, whether voluntarily or otherwise, are Google's customers. Someone only uses mail, someone who uses a "cloud" storage service or storage of photos, someone just searches for information on Google. However, not all Android smartphone users can avoid registering with Google services when the device is turned on. Otherwise, its functionality will be reduced as much as possible. For example, someone will not be able to download apps from Google Play.

And with all these billions of Android smartphone owners, Google follows it. In addition, not only shares in business services can be recorded, but also the movements of people. The Soviet KGB did not even dream of that.

First, they do it for targeted advertising. Advertisers really like when their product is seen by those who can buy it. If you follow this link to the "Advertising Preferences Settings" page, you can understand how the advertiser sees you.

For example, one of my main interests is the Silver Screen theater network because I visited this advertiser's site. Good Corporation notes that she does not sell our personal data to anyone. Nevertheless, the company actively uses them when selecting the ad that will work for you as efficiently as possible.

And Google pulls information about us from all available sources. To check this, visit the "My Actions" page, which displays your activity in all Google-related apps and services. You can find what you're looking for on the Internet, the news you're reading, the videos you're watching, and what you're saying to your smartphone. All these actions have checkmarks. If you delete them on this page, Google will no longer follow you. Probably.

You can also disable Location History – your personal "Timeline", which can be viewed in the "Maps" service. For example, I've stored there all the history of the movements since May 2015. That's why I know that on May 20, 2015, I went to a movie night in the center of Minsk, after having dinner on the Avenue of Independence. And on September 20, 2016, he went to the academic book.

Probably, such detailed (though often erroneous) information can scare many people. This is fine if all this information is only available to the account holder, but no one is immune to its "hijacking". Therefore, at this stage, it is necessary to ensure two-factor authentication for all your accounts. This is to link the entry to the phone number: even if the account pbadword falls into the wrong hands, an attacker may hang in the second step of the check.

Of course, this is not a panacea. Timur Seifelmlyukov, the famous Russian popular podcast "Zavtrakast", was stolen by a cell phone, took out a SIM card and hacked some accounts with the help of a two-factor authentication. The problem was that Timur did not have a PIN code on this SIM card. Do not be like Timur.

If you wish, all of the above mentioned data from your Google Account can be bundled into a large archive and taken with you. For example, if you suddenly want to permanently delete your Google Account. These archives can include all your Google Photos or Drive photos, as well as any videos uploaded to YouTube.

It should be understood that Google is not the only one to take care of this monitoring of the user for advertising purposes. For example, the Crypt technology developed by Yandex does not manage the personal data of the user, but can badociate with it a number of identifiers. Say "cat owner" or "motorcyclist". These credentials are badigned to the unnamed user based on search queries, visited websites, Internet access time, and so on. Advertisers can set their ads to allow you to view this information.

Popular social networks and big apps know no less about their users, and perhaps even more. How to reduce this flow of transmitted information? Search through the settings of these services, as well as in the mobile app permissions, and disable conditional Facebook access to the microphone or location history. How to avoid information leaks to cybercriminals? Set up a two-factor authentication whenever possible, do not forget the PIN code of the SIM card and unlock the mobile phone.

Why is it better to seal the webcam?

In April 2016, an anonymous user of the Dvach graphics card entertained the Internet by broadcasting live images from pirated webcams of different people who were unaware that thousands of people were watching them. In short, this is the answer to the question of whether it is necessary to give in to paranoia and seal the peephole of a webcam on a laptop. But let's discuss this in the context of our topic of "Internet show" a little more.

All of the hacker's victims had a free MediaGet program installed on their computers – a download manager designed to download torrents and videos from the Internet. Using the program for remote network administration LuminosityLink and vulnerabilities of MediaGet, an attacker connected to computers and almost took control: obscene content audio and video files included, profiles of victims on social networks, personal data and correspondence.

Why did he do that? The hacker himself managed to give several anonymous interviews before disappearing. In it, he claimed to fight against piracy and to encourage people to buy software and licensed content. Nevertheless, during the jets, it was clear that the attacker took pleasure in making fun of the computers of his victims. In addition, viewers regularly transferred small amounts of donations, as well as "lulz" commands on the next computer hacking victim, for example to activate a bad clip or a Russian anthem with a loud voice.

How to avoid becoming a victim of such an invasion of personal life? In fact, it's very simple: do not download software from questionable resources. It is possible that it is infected with Trojans that usefully open the back door to break your computer and access your webcam. And even an antivirus can not always respond in time to such a threat.

If you follow the rules of hygiene of the network but believe that the attackers have specific projects (a more economical version of Mark Zuckerberg), simply stick the eye of the camera and the hole of the microphone. Believe me, no hacker will be interested in watching the black screen.

What is the danger of default pbadwords?

Even earlier (in 2009), in the same place, another user shared his enthusiasm about how to get an image not from a website, but from an IP camera. These are generally installed in production, in public places (banks, shops, swimming pools) and even in private homes. The advantage of IP cameras is that they essentially constitute a microcomputer that can be connected via a web interface. You can do it from any device with the Internet. This is also a disaster for IP cameras, whose installation and initial setup are done by novice people in the principles of network security.

In fact, this web interface, ten years ago, was well indexed by search engines. It was enough to ask Google for a part of the line at the corresponding address to find a lot of links leading directly to the webcam control panel installed in someone's office. Since then, a lot of water has flowed, many models of IP cameras have been fixed and the zealous search robots' bursts are moderate, so tens of thousands of direct links have already gone from the search engine. But individual cases can still be found.

However, this research has so far been greatly facilitated by various network services. For example, the Shodan service developed by American John Matherly searches for devices connected to the Internet (including cameras, modems, printers, network storage, etc.). So, for example, four years ago, thanks to this black search engine, security expert Chris Vickery had access to 25 million different accounts with names, e-mail addresses, phone numbers, etc. . Thus, Shodan, like any modern technological tool, can be used for both evil and good. This should once again remind an ordinary user: If you have a device connected to the Internet at home, make sure it is not accessible via standard pbadword sets such as admin / pbadword.

As shown by a superficial search for cameras in Shodan, there are many careless users.

How it works? Suppose that Chinese digital video recorders appear in a search engine under the simple abbreviation DVR (Digital Video Recorder). The connection by IP address to such a camera will bring up the authorization menu. If you search Google for the default factory pbadword for this category of devices, you can find very mundane results. And these mundane results are often enough to be the key to video surveillance systems. People bought a steel door, but forgot to lock it with a key.

Remember that our task is not to teach you how to hack, but to warn about the importance of its prevention. Here is an example of negligence on a global scale. In 2016, security experts fought the vast network of Mirai zombies, consisting almost entirely of compromised Internet devices. These were mostly digital video recorders, but refrigerators, toasters and temperature regulators were also found in the infected army. The hacking of these devices consisted of a complete search of 61 known combinations of pbadwords and default connections. At the height of its activity, nearly 500,000 devices pbaded under the banner of a network of zombies. And all this power has fallen on the demands of the DNS operator, whose work, as well as many popular resources (Twitter, Spotify), has been disrupted.

Read also:

Onliner Library: Best Materials and Article Cycles

Our channel in Telegram. Join now!

Quick contact with publishers: read the public chat Onliner and write us on Viber!

Reproduction of texts and photographs of Onliner without the permission of the publisher is prohibited. [email protected]