Latest — Jul 1, 2022

Almost everything that can be connected to via a network can be also hacked. But what about cars? Can they be hacked? If so, how much time do criminals have to spend on it?

In fact, hackers are able to shut off your engine while you’re driving, control your steering or brakes, and even open and close your doors and boot. As a result, driving a hacked car can be pretty dangerous.

Finding a hole in your car's software is all it takes for someone to compromise the system. It isn't always that difficult for hackers to find a means to get into your car, even though it could take some time. A committed hacker can enter a reasonably sophisticated system with enough time. According to the research of Upstream — a car cybersecurity organization — by 2025, more than 86% of cars will be connected to the global network. ‘Connected’ refers to the sharing of data among servers, applications, phones, etc. Because of this connectivity, there are several ways that automobiles can be compromised.

What damage can hackers do if they hack your car?

There are multiple ways criminals can hack your car. First of all, the brake pedal and engine are vulnerable. Although your brake pedal is within your control, the onboard computer's microprocessors are what actually cause your brakes to function. Your brakes can be disabled and the engine can even be stopped by hackers who get access to your onboard computer.

Hackers also could interfere with the movement of the car using wipers, heaters, conditioners, or radio. Each of these options could be controlled remotely and used to distract the driver. Although windshield cleaning fluid is helpful, it’s more of a burden when it’s released repeatedly or abruptly. If that’s the case, it might endanger your visibility. Your windshield wipers and this system are both hackable. The same can be said for heating or conditioner systems. They are useful until they can be used to harm you.

Another way of hacking can be performed by unscrupulous repair shops. The majority of initial diagnosis is done by onboard vehicle diagnostics equipment. However, dishonest businesses may trick your diagnostics system into suggesting that you need repairs that aren't actually necessary. This is an easy way for them to earn money. Thus, it’s important to use services that are reliable.

Hackers can also use a car’s interconnected system to impact one’s car safety and its correct operation. This could, for example, lead to forced acceleration. When a car is driven or reaches a given speed, power locks frequently contain functions like automatic locking. Such integrated systems in cars make them susceptible to issues like power locks being overridden to compel an acceleration.

It’s also possible to extend the key fob range to gain physical access to the car. Modern wireless key fobs open automobile doors when the owner is nearby. Thieves who aren’t focused on harming the car owner, but rather looking to steal the car can also exploit the functionality of the key fob and increase its range using radio repeaters. It allows one to unlock the car from up to 30 feet away.

Moreover, if hackers break into your car’s entire system, they could gain your private information, especially if the car is equipped with a GPS telematics system. This data could be misused to invade your privacy and possibly to learn where you live, work, or send your children to school. The serious threat is presented by the connection between your car and your smartphone. Some advanced hackers might be more interested in your connected mobile phone than the automobile’s system. Your information is in danger if they manage to get access to the system in your car and locate the mobile device that is connected to it. The connected smartphone is a direct source of your bank credentials, passwords, and other sensitive data.

Will your car be hacked?

Nowadays, almost every car is susceptible to being hacked. But, talking about chances that you will be impacted by car hacking, it is unlikely you'll experience any issues with hacking at this stage. In any case, it’s better to be safe than sorry. Due to the lack of financial benefit, most hackers prefer not to enter this sphere, with the exception of car thieves who use elements of hacking to neutralize the car’s alarm and relevant security systems.

Car hackers frequently do this for amusement or malicious intent. Very few hackers in the real world have targeted automobiles. Instead, the majority of vehicle hacks are either theoretical or carried out by research teams looking to find weaknesses in the car’s protection. Most car hacks are difficult for average hackers to execute since they typically call for a great deal of knowledge, equipment, and sometimes even physical access to the vehicle itself. However, vehicle makers are still working to develop defenses to shield their products from cyber harm. All due to the potential possibility of hacking attempts. More and more vehicles become connection-available, smart, and independent, so it may lead to an increase in car hacks in the future.

How can you protect your car?

Currently, hackers aren't really interested in your car. However, the situation may change. Hackers may become more interested in and adept at hacking cars as they become aware of their ability to kidnap automobile owners, steal their data, and carry out nefarious deeds like larceny. There are some easy steps that should be done by every car owner to protect their privacy and security.

First of all, do not program your home address into your GPS system. While having a GPS may be handy, car thieves and hackers can use it to locate your home location.

Then, it’s necessary to limit wireless systems connected to your vehicle. You are most in danger from such technologies, as wireless or remote systems are frequently operated online and are more susceptible to hackers than many other systems.

And the last, but not the least piece of advice, use reputable shops, as anyone who gets physical access to your car and is computer savvy can wreak havoc on it. Therefore, when you leave your automobile in a shop, whether it’s for minutes, hours, or days, you run the risk of someone hacking it to make it seem as though you need repairs that aren't actually required.

How easy is it to hack your car?

Almost everything that can be connected to via a network can be also hacked. But what about cars? Can they be hacked? If so, how much time do criminals have to spend on it? In fact, hackers are able to shut off your engine while you’re driving, control your

Jun 16, 2022 — 4 min read

Whenever the word ‘cybersecurity’ appears, the word ‘password’ springs to mind in parallel. People use them everywhere, from mobile phone locks to the protection of personal and state data stored on individual devices or websites. Everyone knows that a strong and secure password is able to save our sensitive information, however, cybercriminals have invented a huge variety of methods to hack our passwords in order to compromise us. So, modern problems require modern solutions. Now, there are a lot of alternative ways to protect access to personal data. The usual passwords are replaced by multi-layer authentication or just more progressive technologies. These are fingerprints and face recognition functions, keychains, and password vaults. But what is the future of passwords? Will they become an outdated option or stay a necessary part of access.

Why are passwords considered weak?

With the growth of cybercrime, the requirements for passwords are increasing. The first passwords consisted of short, easily-memorized word or numeral combinations, but they were too easy to crack. Now, passwords are sophisticated alpha-numeral combinations, sometimes too long to remember. Nevertheless, it is still possible for hackers to find the solution and get access to your account. Passwords are usually based on some common information like a date of birth, the name of a child, or a home pet, which implies that hackers are able to find out what it is if they have enough time. The other reason why passwords become targets is the fact that they provide unrestricted access to your account. Moreover, many people use the same or similar passwords for many different accounts, so they simplify the process of collecting their sensitive data from multiple sources. Of course, using the same password for every account mitigates the risk of forgetting the password, but reusing the combination is quite risky. Users are sure that they won’t be hacked as the data they store is not valuable enough to be stolen, but it’s a common mistake as almost everyone can be compromised or fall victim to a bot attack that is aimed at spreading spam or malicious links. So, the best way to protect your privacy is not to reuse the same password and exploit multi-layer authentication for your accounts.

The anti-password movement

This movement was established as soon as people understood that usual passwords are more vulnerable than they should be. Passwords are inconvenient and provide multiple avenues for fraudsters to obtain your data and profit from it. The most typical method for hackers to profit from this data is to sell it on the dark web for fast cash. Advanced attacks on logins have been known to shut down entire corporations or launch ransomware campaigns. Credential stuffing is the most well-known form of password hacking, it is based on the reusing of the same password for multiple accounts, pairing it with different email addresses or logins. It is usually aimed at taking over as much information from corporate accounts as possible. Thus, internet users realized that passwords are not the most powerful protection that can be exploited for security goals. So, what was made in addition to, or in place of, the password?

Multi-factor authentication

Single-factor authentication refers to the requirement of only one password to access an account. This method of protection has been used for a long time, but now it’s obsolete. The new practice in authentication is multi-factor access which requires passing two or more layers of authentication before accessing an account. The possible steps of this sophisticated technology could be the PIN code, the server-generated one-time code sent to your email address or mobile phone, or even fingerprints and face recognition.

It makes access more complicated but also serves as an additional barrier to compromise attempts and data thieves. This motivates them to move on to more straightforward targets. While it isn't infallible, it does dissuade attackers from trying anything else, potentially rescuing you from disaster.

Another successful way of protection is the passphrase that is used instead of common password combinations. It is represented as the meaningful or meaningless word combination consisting of up to 100 words. It seems to be hard to remember a long phrase, but it is much easier than remembering alpha-numeric combinations including substitution, capitalization, and different numbers. Hackers will find it incredibly difficult to break into a system since passwords are several words long and can contain an endless number of word combinations. Another good thing about such protection is the lack of necessity to install the special apps or systems required to use this technique. It can be applied to every account without special password character limits.

Is the password dead?

The first hacking attacks were conducted as early as the 80s. Regardless of this, people still use passwords as the main protection force for their private information. So, why can’t we replace it with more modern and convenient technologies?

First of all, it’s related to the ease of creating passwords. The password is generated by the user himself, so there’s no need to create and exploit special services that would be able to provide protection for the account on the user’s behalf. Another point is the privacy of users. The password is one of the more private ways of authentication as it doesn’t require any personal information, it can be a random combination of numbers and lack sense, unlike methods such as biomedical data access, which is connected with personal information that could get out into cyberspace. The last but not the least important point lies in the simplicity of replacing passwords. It can be useful in the event of a major data breach, as it’s easier to change the password than the biomedical options that are used for fingerprints or face recognition.

Conclusion

So what will be the future of passwords? Passwords will definitely be used as one layer of a multi-factor security system for the next few years as there are still no more useful options for saving our privacy than passwords. People are continuing to look for the perfect method of protection, so maybe in a few years, something will finally appear and the world will be able to say goodbye to long sophisticated passwords. Some services have already turned to new systems of access, like one-time codes or fingerprints, but there is still a possibility of being hacked. Indeed, users still believe that a multi-layer system of protection is more convenient than any possible alternative.

The future of password security

Whenever the word ‘cybersecurity’ appears, the word ‘password’ springs to mind in parallel. People use them everywhere, from mobile phone locks to the protection of personal and state data stored on individual devices or websites. Everyone knows that a strong and secure password is able to save our sensitive information,

Jun 15, 2022 — 3 min read

Migration to PHP 8

The new version of Passwork now runs on PHP 8. Previous versions of PHP are no longer supported.

New access rights window

The window with access settings for vaults and folders has been completely redesigned. All users and roles having access to a vault or folder are now collected here as well as links and sent passwords.

The rights can now be edited on each tab by selecting multiple objects at once. All modified and deleted objects are marked by an indicator until you save changes. Search filters allow you to display all objects with a certain access right.

Ability to quickly view who accessed vaults and folders

When hovering over an icon next to the name of a vault or folder you can see some brief information about the number of users, roles, links and sent passwords.

Clicking on a list opens up the window for access rights management inside a given vault or folder.

Granting access to individual passwords without adding users to a vault

In previous versions of Passwork, it was possible to send a password copy to users. In the new version, users will see the original password in the Inbox, which will be updated when the original vault changes.

That means you can now give access directly to a password without adding users to a vault or folder.

You can send a password and enable users to edit it, then when a user changes this password, it will be updated for you as well.

Ability to add TOTP keys and then generate 2FA codes

When adding and editing a password, you can add a TOTP field and enter a secret code to generate 2FA codes. The generated code is updated every 30 seconds.

The "Password" field is now optional, so you can keep 2FA codes separate from main passwords.

Adding TOTP keys and generating 2FA codes is available in the web version, browser extension, and mobile app.

Failed login attempts are now displayed in the action history

The action history displays all failed user authorization attempts. This allows you to better track unauthorized access attempts and the actions of blocked users.

You can see all failed login attempts on the Activity Log page by enabling a filter in the Action column.

Ability to enable priority authorization using SSO

The new version of Passwork now allows you to enable SSO priority authorization for all users. You can enable it in the "SSO settings" section.

With this option enabled, only the "Sign in via SSO" button is displayed on the authorization page, the login and password fields appear only when switching to the standard authorization.

Optimized work with a large number of users

Passwork has been tested and optimized for 20,000+ users.

Improved LDAP integration

  • Test mode for LDAP roles and groups linking
  • Saving LDAP logs to a CSV file
  • Updating user attributes during synchronization with LDAP directory

Mobile app update

  • Passwork 5 support
  • Ability to copy passwords on long press
  • New home screen view with separating by type of vault
  • Inbox passwords
  • Improved search mechanism
  • Debug mode

If you are already using Passwork, update your version
How to upgrade Passwork 4→5 version.

Or request a free demo at passwork.pro.

Introducing Passwork Self-Hosted 5.0

Migration to PHP 8The new version of Passwork now runs on PHP 8. Previous versions of PHP are no longer supported. New access rights windowThe window with access settings for vaults and folders has been completely redesigned. All users and roles having access to a vault or folder are now

Jun 9, 2022 — 4 min read

Are you sure that your home is protected in the way that you think? Sure, you can secure it with modern locks or an alarm system to protect yourself from robbers who want to steal your money or furniture, but what about those who are looking at your home as a means of stealing your privacy?

As the number of smart electronic devices we use every day increases, we have to make sure that the personal information that is recorded by these devices is safe.

So let’s talk about home security and how to protect yourself from those that are looking for ways to hack your smart devices.

Which smart devices can be hacked?

Almost every smart system used with modern devices is potentially dangerous as hackers know hundreds of ways to obtain remote access to them. But still, some devices seem too ordinary and primitive to be hacked. Perhaps a robot vacuum cleaner or a smart baby monitor. But there are more sophisticated technologies like a smart TV or smart house security system. They're all vulnerable since they're connected to the internet and are frequently part of your home WiFi network. Recent research showed that every one of them has several serious security flaws.

What are the risks?

Many experts note that when it comes to smart home devices, you should be thinking about ‘when’ they will be hacked, not 'if,' because many are notoriously easy to hack and provide no protection whatsoever. Scientists from the European watchdog Eurovomsumers examined 16 regularly used devices from a variety of manufacturers and discovered 54 vulnerabilities that exposed consumers to hacker attacks, with potential implications ranging from security system deactivation to personal data theft.

According to the results of research, hackers can gain access to highly sensitive information such as banking credentials or even utilise many linked devices to stage enormous distributed denial of service (DDOS) operations, which allows them to ruin banking or other service networks.

Whenever most internet users realise the vulnerabilities associated with the usage of computers connected to the Internet, many people still do not pay enough attention to the fact that their home smart devices also present the same danger. As all home devices are commonly connected to the same Wi-Fi network, it gives an opportunity for hackers to get access to all domestic technologies at the same time.

Security gaps

One of the most significant dangers that are presented by smart home devices is the potential for a ‘deauthentication attack’, in which a hacker orders the device to disconnect from the house WiFi. It may cause the blocking of systems and devices, which won’t be able to respond to users’ requests as a result. It was also discovered that some apps designed for home appliances are able to transfer unencrypted data. It means that if hackers break into their system, they’ll gain access to the owner's personal information, such as WiFi passwords or even listen to what happens around the device if it’s equipped with a microphone. A stolen WiFi password may provide hackers access to phones or computers connected to this network and lead to an eventual data leak.

Due to the gaps in security systems, smart devices often have flaws that make them vulnerable to attack. Designers of these devices focus on the comfort of exploitation and multifunctionality of their products, but not on their security. But now, when almost everything from house alarms to refrigerators can be hacked, it becomes a paramount point.

Recent research that took place in America and Europe has shown that about a half of interviewees use smart home devices, but most of them do nothing to protect themselves from being compromised. Thus, even though people know about the risks, they still do nothing to minimise them. One of the possible reasons for such behaviour is the lack of knowledge and accessible information about how to make the usage of smart home devices secure.

How can you secure your home devices?

Of course, the most basic way to protect yourself from the hacking of your smart home devices is just not to use them and replace them with less functional but safer options. But what if you can’t go without such a pleasure? Well, Euroconsumers — one of the most well-known private organisations for consumers — developed a list of recommendations that can help people who want to maintain their privacy while using smart devices:

1. Use an ethernet cable instead of Wi-Fi to connect your devices to the network where possible;

2. Create strong multilayered passwords for your devices and Wi-Fi;

3. After installing your WiFi network, always change the default name;

4. Always keep your devices up-to-date and switch them off if you’re not using them at a certain moment;

5. When you use a device for the first time, always finish the setup procedure;

6. Do not buy cheap devices with a low level of protection.

Conclusion

When we’re talking about smart devices, we’re not just talking about full smart house systems such as alarms. Rather, we’re talking about smart appliances such as TVs, doorbell systems, vacuum cleaners, and other common household things. Using them makes our lives more comfortable and saves time and energy. However, they each have their own flaws, and many are vulnerable when it comes to hacking. So, consumers should pay attention to this point of using smart devices and consider all possible ways to protect their privacy without refusing to exploit such useful appliances. If you use one of these devices, try to get more information regarding what manufacturers pay more attention to regarding the security of their goods. Moreover, make sure to protect your own devices from hacking. It won’t take a lot of time or effort, but it will save your sensitive data and protect you from being compromised.

How secure are smart home devices?

Are you sure that your home is protected in the way that you think? Sure, you can secure it with modern locks or an alarm system to protect yourself from robbers who want to steal your money or furniture, but what about those who are looking at your home as

Jun 8, 2022 — 5 min read

If you still haven’t heard about Starlink, you’ve definitely heard about its creator — Elon Musk.

Elon Musk is a billionaire entrepreneur most famous for his electric vehicle firm, Tesla, and his space exploration company, Space X. Maybe you learned about him from our news headlines talking about his attempts to acquire Twitter or his past endeavors stirring up trouble on social media. Perhaps you only know him as one of the world's wealthiest people. Starlink is the less known facet of Elon Musk’s career that is focused on providing internet to every part of the world including hard-to-reach places, and that’s what we’re going to be talking about today.

Starlink is the name of the global and constantly growing network of orbital satellites overhead, based on SpaceX technologies. This project began in 2015, and the first prototype satellites were sent into orbit in 2018. In January 2021, after three years of development and successful launches, Starlink reached 1,000 satellites. Over the course of the next year, this number doubled. Now, Starlink has more than 2,000 operational satellites orbiting the Earth. Indeed, it’s still just the beginning. The plan will be completed as soon as the network covers most parts of the Earth’s surface. To do this, Starlink requires about 12,000 satellites in orbit.

Currently, the project’s creators are assuring the provision of its service in 32 countries. This number will increase every year. However, the budding broadband provider still has a backlog of prospective customers waiting to receive equipment and connect to the system.

Starlink offers high-speed broadband internet, the spread of which, according to the speed-tracking website Ookla, is above 100mbps in more than 15 different regions. When we’re talking about the United States, Starlink offers average download speeds of around 105Mbps and upload speeds of around 120Mbps, which is about five or six times faster than their satellite rivals. Elon Musk is focused on doubling the average internet speed and reaching 300 Mbps. In any case, even now, we can observe his success as the Starlink Internet system really is one of the fastest in the world.

How much does it cost?

The initial cost of the service was $99 per month, and the initial one-time payment for the satellite dish and router was $499. As Starlink is focused on the availability of the internet, it was announced that the cost of the service is going to decline in a few years. But, in March of 2022, the company announced a price increase. So now, the monthly payment is $110 and the initial payment for the equipment is $599. This price is quite high for satellite Internet, but the creators of Starlink bet on the wide coverage of their network and its availability in hard-to-get places.

As the president of SpaceX said last year, Starlink aimed to keep pricing as straightforward and transparent as possible, and that there were no plans to add more levels to the service. However, in 2022, a new premium level with a scanning array twice as large as the normal plan and download speeds ranging from 150 to 500Mbps appears to be modifying that strategy. This option costs $500 per month, and the initial payment for equipment will be $2,500. Now the company is taking orders for that tier, with the service set to arrive later in 2022.

Starlink, like any other modern technology, has some benefits and drawbacks. Let's take a quick look at them.

The pros of Starlink:

1. Faster Internet. The internet offered by SpaceX is definitely faster than traditional satellite Internet. Starlink is so quick that it's almost impossible to compare it to traditional satellite connections.

2. Relatively cheap. Starlink's internet service is reasonably priced. In rural and suburban locations, it is less expensive than cable and satellite internet. Suburban consumers pay the same price as city residents in many areas, but they get much slower internet.

3. Wide availability. Regardless of your location, Starlink is available to every customer. It has wide network coverage and provides fast, unlimited Internet from Antarctica to the middle of the ocean.

4. Faster disaster recovery. Storms, tornadoes, wildfires, and floods can all cause internet cable to be seriously damaged. After any type of disaster, the recovery of the cable Internet takes quite a lot of time. The process of fixing it isn’t just costly but also time-consuming, unlike Starlink. The Internet will be available straight away after the disaster.

The cons of Starlink:

1. Hardware installation. For many users, hardware installation could become a problem as the creators of Starlink don’t provide the installation of the equipment needed for using their network. Thus, customers have to install the equipment themselves or hire professionals to spend extra money.

2. It’s not portable. When compared to cellular internet, Starlink is not as portable. We can use our phones to access the internet from any place. The Starlink dish is not at all portable. Though the dish can be installed above an RV or a boat, unfortunately, it is not small enough to be carried easily.

3. Service disruptions depend on the weather. It's common for satellite service to be disrupted by rain, storms, or solar flares. However, this isn't a major pro for cable internet either; it’s also subject to this type of disruption.

As the number of Starlink’s users increases, the question of the security of this Internet connection has become acute. People want to make sure that the provider that they use is safe enough and that nothing threatens their personal data.

The main problem of satellite Internet is that some of the information carried by satellites can be intercepted as it is translated to and from the Earth. Some of that data can also be changed before it reaches its intended destination. This does not, however, necessitate the use of specialized equipment. According to a recent study, this could be accomplished with $300 worth of equipment. It's vital to keep in mind that this issue does not affect all traffic. If you're using an encrypted connection, this form of assault is likely to be unsuccessful. However, it does underline the reality that as satellite internet becomes more ubiquitous, cybercriminals will have additional chances.

Conclusion

Starlink is a quickly growing and highly available technology that is just at the start of its development. However, it already could demonstrate great advantages over the cable network. Like any modern technology, it has several disadvantages, such as weather dependence and the risks related to satellite networks. Now, SpaceX promises a very high level of service with wide coverage, but as practice shows, not all of their promises are worth trusting. If you’re going to get the Starlink dish, you have to consider this issue deeper to make sure that you’re making the right choice.

How secure is Elon Musk’s Starlink?

If you still haven’t heard about Starlink, you’ve definitely heard about its creator — Elon Musk. Elon Musk is a billionaire entrepreneur most famous for his electric vehicle firm, Tesla, and his space exploration company, Space X. Maybe you learned about him from our news headlines talking about his

May 27, 2022 — 4 min read

From smartphones to automobiles, almost every device is equipped with Bluetooth technology nowadays. Many people use it every day while connecting to headphones, sending files, or making remote calls in their cars. However, most people are unaware that using Bluetooth carries a number of risks when it comes to your privacy and safety.

What is Bluetooth?

Bluetooth technology is a standard for creating a local network that allows neighboring devices to exchange data wirelessly. In other words, you can use Bluetooth to transfer data between devices such as your phone and headphones without the use of a cable. Bluetooth is widespread and free to use, that’s why it is so popular with device creators and consumers.

Bluetooth was invented in 1994 by Ericsson — the telecommunications equipment manufacturer. Now, you can find this technology in almost every electrical device around the world. Even smart household appliances are equipped with Bluetooth nowadays, so you can send instructions to your refrigerator or vacuum cleaner remotely.

Bluetooth hacking

Of course, as with most standards, Bluetooth has its disadvantages and security vulnerabilities. Bluetooth allows devices to communicate with one another across short distances and for a limited time. As a result, most Bluetooth hackers focus on getting close to a target and carrying out the assault in a short amount of time. Particularly in areas where people tend to linger around. There are a number of places that pose a great amount of danger to your devices. For example, cafes, the underground during rush hour and on the bus.

However, when the attacker’s target moves out of range, it could stop the attack and ruin the hacker’s plans. It's worth noting that some attacks can be launched from hundreds of meters away. So moving a few steps isn't the same as being out of range.

Some hackers are also able to control your device for under 10 seconds using Bluetooth. Even more concerning is the fact that hackers can accomplish this without engaging with the user.

There are a variety of Bluetooth hacking techniques:

1. Bluejacking

This type of cyberattack on Bluetooth connection lies in sending spam messages via Bluetooth. One Bluetooth-enabled device hijacks another and sends spam messages to the hijacked device. First of all, this can be annoying to get such spam. But if you click it and accept files from an unknown device, you may get into big trouble. The message may contain a link that will lead to a website that is designed to steal your personal information and compromise you.

2. Bluesnarfing

This type of attack is similar to the previous one but much more detrimental to your privacy. During these hijacking attempts, hackers can not only send spam messages to one’s phone, but also collect some private information like chat messages, photos, documents, or even credentials from the victim’s device. All of this will be used to compromise you or for extortion attempts.

3. Bluebugging

This is the last and the most dangerous type of Bluetooth hijacking. Hackers use your device to establish a secret Bluetooth connection. This connection is then used to acquire backdoor access to your device. Once inside, they can monitor your activities, gain your personal information, and even use your personality on your device's apps, including those used for online banking. This type of assault is known as blue bugging since it resembles bugging a phone. Once hackers get access and complete control over the phone, they get the opportunity to make phone calls themselves and listen in on every phone conversation.

Bluetooth security concerns

If you think that the direct invention of hackers is the only danger that Bluetooth presents, we have some bad news for you. Many apps including popular ones such as Google or Facebook can monitor the location of users through the use of Bluetooth technology.

By switching on Bluetooth, you enable the transmission of information, but you also enable your device to catch adjacent Bluetooth signals. Thus, Bluetooth signals are used by app developers to pinpoint your location. So, the IT companies that develop apps can find out the information about your location wherever you go and keep track of your everyday activities. The most terrifying aspect here is that Bluetooth enables extremely precise tracking. The good thing is that most app creators write that “the usage of their apps requires Bluetooth utilization” in their privacy statement. Unfortunately, the majority of consumers do not read the privacy statements of the apps they use, so they automatically accept all the requirements and rules of the new app.

To protect yourself from activity and location tracking, you should read each app’s privacy policies and not use apps that require Bluetooth. If you determine that some of the apps you regularly use are requiring Bluetooth, you can disable the location tracking function for them.

What do we need to do to safeguard our Bluetooth connections?

In mentioning all of the risks associated with the use of Bluetooth, we have to give you some advice regarding the safeguarding of your devices.

1. Make your Bluetooth device non-discoverable. This can be done in your device’s settings.

2. Do not send any sensitive information via Bluetooth as it can be caught by intruders.

3. Do not accept any files or messages from unknown devices via Bluetooth, especially in crowded places.

4. Always turn your Bluetooth off after using it to prevent unwanted connections and breaches.

5. Don’t share anything via Bluetooth in crowded places, even if you want to connect to your friend’s device.

6. Install some security patches to protect your device and stop any possible tracking via Bluetooth.

Conclusion

Bluetooth is a common and useful technology that is used in almost every device due to its convenience and fast connection. But the simplicity of its technology leads to several flaws, which is why Bluetooth can’t be named a very secure standard. Nevertheless, most people cannot avoid using this technology — it’s just too widespread. To keep your device safe, we recommend following the aforementioned security rules.

How secure is Bluetooth? A complete guide on Bluetooth safety

From smartphones to automobiles, almost every device is equipped with Bluetooth technology nowadays. Many people use it every day while connecting to headphones, sending files, or making remote calls in their cars. However, most people are unaware that using Bluetooth carries a number of risks when it comes to your

May 19, 2022 — 4 min read

What is WebSocket?

The WebSocket API is a cutting-edge technology that allows the opening of bidirectional interactive communication sessions between a user's browser and server. You can use this API to send messages to a server and obtain event-driven responses instead of polling the service. WebSocket is a stateful protocol which means that the connection between the client and server will remain open until any of the parties terminate it.

Consider the client-server communication: when the client initiates the connection with a server, a handshake occurs, and any other request will go via the same connection until either of the parties closes the connection.

WebSocket is a good thing for services that require constant data transmission, like network games, online trading sites, and other websites that work continuously.

Where is WebSocket used?

1. Real-time web applications. Such services use the WebSocket to provide constant data translation to the client. This type of connection is preferred over HTTP as continuous data transmission goes through a connection which is already open. This makes the process much faster. A good example of a real-time web application is a Bitcoin trading webpage that continually pushes constantly changing data about the bitcoin’s price to the client;

2. Gaming applications. In such applications, data must be constantly transmitted from the server to the client’s computer. Otherwise, the collective acts between multiple users of the application will be unavailable;

3. Chat applications. WebSockets are used by chat applications to create a connection just once for the purpose of exchanging messages, video and audio between the interlocutors.

The Vulnerabilities of WebSocket

WebSocket technology causes a lot of excitement and at the same time disagreements among web developers. Despite all the benefits that it provides, it still has some risks as the technology is relatively new. Due to the complexity of WebSocket programming, it’s hard to provide comprehensive security for applications that use this technology. The constant transfer of data without closing the connection after every request opens up an opportunity for hackers looking to acquire access to the client’s data.

In early versions of WebSocket, there was a vulnerability named ‘cache poisoning’. It allowed the attack of caching proxy servers, particularly cooperative ones. The attack occurs in the following manner:

1. The attacker invites the client to attend a special webpage;

2. This webpage starts the WebSocket with the hacker’s website;

3. The page makes a WebSocket request that can’t be accepted by a number of proxy servers. The request passes through that server, and after that, the servers believe that the next request is the new HTTP one. But in fact, it’s a WebSocket connection that continues translating data. Both ends of the connection are now controlled by the hacker, so the hacker can transfer malicious data through the open connection. The deceived proxy-server will get and cache the malicious data;

4. Indeed, every user who utilises the same proxy-server will get the hacker’s code instead of real jQuery code.

The risk of such an attack had remained theoretical for a long time, until an analysis of WebSocket’s vulnerability showed that it really can happen.

Due to the existence of that vulnerability, WebSocket’s developers introduced ‘data masking’ to protect both parties of the connection from attacks. Masking prohibits security tools from doing tasks such as detecting a pattern in traffic.

WebSockets aren't even recognized by software such as DLP (Data Loss Prevention). They are unable to analyse data on WebSocket traffic as a result of this. This also makes it impossible for these software tools to detect problems such as malicious JavaScript and data leaks. It also makes the WebSocket connection more vulnerable than HTTPS.

Another disadvantage of WebSocket protocols is that they don’t manage authentication. This must be handled individually by any application-level protocols. Especially when sensitive information is being transferred.

The next type of cyber attack that WebSocket can be exposed to is tunnelling. Anyone can use WebSockets to tunnel any TCP service. Tunnelling a database connection right through to the browser is an example of this. A Cross-Site Scripting attack evolves into a comprehensive security breach when a Cross-Site Scripting assault is carried out.

Also, it’s necessary to know that data transfer over the WebSocket protocol is done in plain text, similar to HTTP. As a result, man-in-the-middle attacks on this data are the real threat. Thus, it’s better to use the WebSocket Secure (WSS:/) protocol to avoid data leaks.

How can we improve WebSocket security?

After looking through the main vulnerabilities of WebSocket, it’s necessary to take a look at the ways and tools that are able to protect your WebSocket connection.

First of all, good advice would be to use the wss:// protocol, instead of ws://. It’s really much safer and able to prevent a huge number of attacks from the outset.

Also, it’s necessary to validate the data that comes from the server via a WebSocket connection. Data returned by the server can potentially be problematic. Messages received from clients should always be treated as data. It's not a good idea to assign these messages to the DOM or evaluate them as code.

Another way to protect your connection is via a ticket-based authentication system. The separation of the WebSocket servers that handle headings of transmitting data from the HTTP servers hinders the authorization of headings that are based on HTTP standards. So, ticket-based authentication is a solution to this problem.

So, how secure is WebSocket?

To sum up, we can say that WebSocket doesn’t have a perfect security system, as is the case with any new kind of technology. It’s all due to the complexity of its creation and maintenance. WebSocket has enough vulnerabilities, such as a lack of authentication measures or its data input attack susceptibility, to enable attackers to transmit malicious codes. So, one should always be wary of this fact.

However, WebSocket is a progressive technology that is great to use in some spheres like gaming or trading. That’s why it should be improved to make its usage secure for every connected client or server.

How secure is WebSocket?

What is WebSocket?The WebSocket API is a cutting-edge technology that allows the opening of bidirectional interactive communication sessions between a user's browser and server. You can use this API to send messages to a server and obtain event-driven responses instead of polling the service. WebSocket is a stateful protocol

May 12, 2022 — 4 min read

If you’ve ever set up a wireless router on your own, you’ve probably heard of WPS. You might come across this term in the router’s configuration menus or see it on the backside of your router — but do you know what WPS actually means and how it works? If you can’t answer these questions yourself, then you’re in the right place.

What is WPS?

WPS stands for WiFi Protected Setup. It’s effectively a wireless network security standard that speeds up and simplifies the process of connecting your device with a router. It helps to do it quickly without entering a Wi-Fi password. To enable WPS you should find a tactile button located on the backside of your router or switch it on in the configurations menu of the router. When you turn it on, WPS mode allows you to connect your various devices to your router using the WPS password, also known as the WPA-PSA key.

In fact, WPS is not responsible for the Wi-Fi connection at all. It’s designed solely to send the connection data between the router and the wireless device. Remember, that’s an important distinction.

WPS was an idea of the nonprofit ‘Wi-Fi Alliance’. The alliance is effectively an association of the largest companies that create computers and Wi-Fi devices. More than 600 members take part, including companies such as Microsoft, Samsung, and Intel. Alliance was founded in 1999 to promote Wi-Fi technologies and certificate Wi-Fi products around the world. This standard was created in 2007 to simplify the connection process and since that time, most Wi-Fi systems around the world have adopted it.

How does WPS work?

If you want to connect your wireless device, you have to know the password to the Wi-Fi network. This process isn’t difficult but it takes some time to get the essential data. WPS makes it easier and a bit quicker.

There are some different ways to do it. First of all, WPS can be a workaround for connecting to Wi-Fi without a password. To do so, you should hit the WPS button on your router to enable device detection. Then, take your device and choose the network you need to connect to. The connection will be immediately available and the system won’t ask you to enter the password.

Some wireless electronic equipment like printers also has a WPS button that can be used to make rapid connections. All you have to do is to push both buttons, on the device and on the router, to get access to the wireless network. You don’t need to enter any data here, as the WPS delivers the password automatically. Also, that device will be able to connect to the same Wi-Fi router without pushing WPS buttons in the future as the password will be remembered.

The other option requires one to use the eight-digit PIN code. When WPS is enabled on a router, a PIN code is produced automatically. The WPS PIN can be found on the WPS setup page. Some devices that lack a WPS button will require the PIN. If you enter the wireless network, they verify themselves and connect to it.

The last option also can be done by using that eight-digit PIN. Some devices do not have the WPS button but also support WPS, so they will produce a client PIN that will be used by the router to connect the device to the network. You should just enter the PIN in the settings of your router to get access.

Unfortunately, methods that require using a PIN code don’t have any benefits in the speed of the connection process. You spend the same amount of time entering the router’s password and the WPS PIN, so you should just choose the way that’s more comfortable for you.

Which devices work with WPS?

WPS is supported by a wide range of devices, most commonly, wireless routers. However, you can also find a WPS button on wireless printers, Wi-Fi Range Extenders and Repeaters, which commonly provide WPS capabilities as well. Finally, the WPS functionality is available on a few higher-end laptops, tablets, smartphones, and 2-in-1 devices, where it’s usually implemented via software rather than physical buttons.

What are the advantages and disadvantages of WPS?  

Despite the fact that WPS is embedded in most Wi-Fi equipment, the benefit of this standard is still a controversial issue. Some professionals opt for using it as it makes the connection to the router easier and quicker while others opt against it as WPS mitigates the security of the connection process.

Advantages:

1. It's quick, especially if both the router and the client device have the WPS button.

2. It's simple and requires no technical knowledge. There is no more primitive way of connecting Wi-Fi than pressing the WPS button on both the router and the client device.

3. Support is relatively strong. WPS is supported by all routers and most networking devices. WPS can also be used to establish rapid Wi-Fi network connections on the most common operating systems like Windows, Android, and Linux.

Disadvantages:

1. It isn't really safe. WPS connections using PINs appear to be particularly sensitive to brute-force attacks. A successful WPS attack allows an attacker to obtain access to your Wi-Fi network, and disabling WPS is the only viable remedy.

2. WPS can be used by anyone who has physical access to the router. So any person who is aware of the router’s location can connect it without your permission.

3. WPS is not supported by Apple. You can't connect to Wi-Fi using WPS if you have a Mac, an iPhone, or an iPad. This is because Apple has determined that WPS is insufficiently secure, and thus WPS isn’t not supported by any of the devices.

Conclusion

As we’ve found out, the WPS network’s security standard has both benefits and limitations. On the one hand, it helps us to avoid remembering the Wi-Fi password and connect quickly. On the other hand, WPS is not secure enough to foster user confidence across the board. So, it’s up to you to decide on using WPS or not. In any case, you can disable the function at any time you want by simply switching off the WPS button.

WPS – What is it, and how does it work?

If you’ve ever set up a wireless router on your own, you’ve probably heard of WPS. You might come across this term in the router’s configuration menus or see it on the backside of your router — but do you know what WPS actually means and how it

May 5, 2022 — 4 min read

Upon entering your account on a website or in an app, you might be asked to enter a word or a number combination from a strange-looking picture. They are usually distorted and sometimes it can take a few seconds to determine the symbols on the picture. This security step is named CAPTCHA and seems to be useless and tedious, especially if you have some problems with recognizing and entering the right combination. But to be honest, this simple test plays an important part in the security system as it makes access to websites or online purchases wholly unreachable for bots and computers.

What is CAPTCHA

CAPTCHA is an abbreviation that can be decoded as a Completely Automated Public Turing Test to Tell Computers and Humans Apart. It’s a type of test that helps the websites’ creators minimise the ability of a bot's registration or purchasing power. They're also referred to as "Human Interaction Proof" (HIP). CAPTCHA is widely used across the internet and mobile apps alike. The most common type of CAPTCHA is the picture that contains distorted letter combinations that you should comprehend and write down in the answer box. If you wrote the right symbols, the system gives you access to the site or to the following task. You can also see a variety of CAPTCHAS on different websites. Some of them require you to take a look at a number of pictures and choose those that contain a target object such as bicycles or traffic lights.

How does CAPTCHA work?

CAPTCHA came about mainly because of certain individuals’ attempts to trick the system by exploiting flaws in the computers that power the site. While these individuals are likely a small percentage of total Internet users, their activities have the potential to harm a huge amount of websites and their users. A free email provider, for example, might be inundated with account requests from automated software. That automated application could be part of a wider scheme to spam millions of people with junk mail. The CAPTCHA test is used to determine which users are genuine people and which are computer programs.

The internet and its computers are built using a proprietary coding language. Because of the unique and complex norms that human languages adopt, as well as the slang that humans use, computers have to spend a lot of time understanding them.

Most CAPTCHAs include visual tests, which the “brain” of the computer can’t figure out; it’s much less sophisticated and it's definitely harder for them to determine the pattern in pictures. While humans will spend a few seconds on CAPTCHA, artificial intelligence has to spend much more time on finding a consistent pattern.

There’s also an alternative to a visual CAPTCHA — one that is based on audio access. That type was developed to make it possible for CAPTCHA to be passed by those who have a visual impairment. Although there are more deaf than blind, approximately 75% of all adults require some kind of visual correction, so it’s much more likely that you’ll encounter someone who can’t focus on the letters on screen. After all, they are usually quite hard to read. Usually, audio CAPTCHA is a succession of spoken characters and numerals. Frequently it also is accompanied by background noises and sound distortion to protect against bots.

The third type of CAPTCHA is a contextual one. The task for the user is to interpret some text with his or her own words, keeping the main idea of the passage. While computer algorithms can recognize significant terms in literature, they aren't very adept at deciphering the meaning of those words.

It’s also important to distribute the CAPTCHA pictures in a random order to every user. If imaging would repeat constantly or would be displayed in a specific order, it would be easy for spammers to trace the subsequence of the pictures and program a computer system that would be able to pass the test automatically based on the CAPTCHA’s order.

Turing test

CAPTCHA was based on the Turing Test. Alan Turing, an ingenious mathematician, who was named “the Father of modern computing”, suggested this test to find out whether the computer is able to think like a human or not. The point of the test is that there are a number of questions that must be answered by two participants. One of them is a real person while the other is a computer. There’s also an interrogator whose task is to find out which answers were given by the machine and which ones were given by the human. If the interrogator isn’t able to understand who is who, the test has been passed.

The main goal of CAPTCHA’s creators was to create a test that could be easily passed by a human, but not by a machine.

The pictures that we see on the screen that we need to pass the captcha test are usually very complicated as it must be possible for every user to enter it. But bots are mostly unable to determine the text that is presented in the form of a picture.

Who uses CAPTCHA?

CAPTCHA is a type of verification tool that is widely used by websites and apps to ensure that a user is not a robot.

It is usually used to protect online pools from bots’ votes employed by scammers to cheat. Another purpose of using CAPTCHA is to restrict access to websites where consumers can create free accounts, such as Gmail. Spammers can't use bots to establish a slew of spam email accounts because of CAPTCHAs.

CAPTCHA is also used by ticket services to prevent profiteers from buying too many tickets for big events. This helps honest people to buy tickets in a fair manner while preventing scalpers from putting in hundreds of orders.

Finally, CAPTCHA is used to prevent spamming messages or comments on websites where it’s possible to contact the page’s user directly. It helps to stop bots from automatically sending spam and spoiling the ratings of products or services.

To sum up, CAPTCHA is a good tool to prevent the creation of spamming bots or automatically controlled web pages that spread viruses. It helps the creators of apps and websites to verify that a user is a real person, and not a computer programmed to spoil the system. This small but necessary stage of identification of the user is really helpful and recommended for exploitation on any websites where users are able to create free accounts. If you want to use CAPTCHA to protect your own website, you should be aware of the numerous failure possibilities that you may encounter. We recommend using a service like Google's reCAPTCHA to generate one for you. It’s also a good idea to download an antivirus program and use it together with CAPTCHA to keep your device secure.

CAPTCHA — How does it actually work?

Upon entering your account on a website or in an app, you might be asked to enter a word or a number combination from a strange-looking picture. They are usually distorted and sometimes it can take a few seconds to determine the symbols on the picture. This security step is

Apr 28, 2022 — 5 min read

When we look at the statistics, the number of cybercrimes increases year on year. Hackers have invented a wide range of tools that can crack your password or get your access information with ease. But there are also other ways of violating your privacy. Every click you make is tracked by websites, advertising agencies, ISPs, and other third parties. Thus, you need to secure your privacy online using a web browser optimised for making your web-surfing secure. So, which browsers are really designed to preserve your personal data and prevent leaks?

Everyone knows that Microsoft Edge or Safari are built into smartphones and laptops supported by the corresponding operating systems. So most users are unconcerned about the browser they use assuming that the default option is the best one. Although browsers like Safari, Google Chrome, or Opera are the most common, they really can’t pretend to be the most secure and privacy-conscious. Indeed, there are some less common but highly powerful and privacy-focused browsers that could provide you with plenty of embedded privacy settings that can block cookies, ads, and data tracking. It’s pretty difficult to name the best one as each of them contains its own privacy features enabling them to become contenders for victory. So let’s go through these browsers and their privacy customizations to help you make the call.

1. Tor Browser

Tor is one of the well-known privacy-oriented browsers. It is based on Firefox’s browser and equipped with its own hidden relay servers that are focused on anti-surveillance functions. It automatically erases your cookies and browsing history on the fly. Tor makes users’ internet access anonymous by encrypting their traffic in at least three separated layers (nodes) that are decentralised and run by volunteer computers. Each node focuses on a single layer of encryption, making it impossible to get the entire message in any of them. Thus, no one can trace your online activity or identify you until you deliberately identify yourself. The unique technology of Tor is also available to lessen the uniqueness of your fingerprint, which is an unmatched feature in successfully decreasing the possibility of identifying a user.

Of course, Tor Browser has its drawbacks. Due to the complexity of protecting certain processes, the speed of your internet could be affected. Also, the NoScript function may break some websites. Moreover, there is a possibility that law enforcement is able to see who is using the Tor browser, even if they are not aware of what people do there.

2. Brave

Brave was founded in 2016 and despite it being a quite new browser, it is worth considering. This privacy-focused browser is based on a Chromium network and truly packs a punch with features like an ad-blocker, anti-tracking, and anti-fingerprinting technology. Brave also automatically changes your connection to HTTPS, as it's always important to have a safely encrypted connection. The security options of this next-generation browser enable you to choose which data to erase when you exit the program. Another useful thing is the embedded feature that could prevent scripts from launching. Recently, Brave entirely switched to a Chromium core, which simplified the process of bringing over their Chrome extensions. It allows the browser to be made more functional and convenient. Nevertheless, users still should be cautious in selecting extensions, as it’s important to use ones that respond to individual security requirements.

Despite the fact that Brave is open-sourced, some users may be wary of its Chromium foundation. Brave’s advertising model is particularly contentious, as it favours adverts that benefit the browser over those that benefit the websites you visit.

3. Mozilla Firefox

Firefox is well-known for the variety of settings and extensions that it provides for its users. It’s one of the more commonly used alternatives to Chrome or Safari. Although Firefox doesn’t release updates as frequently as the previously mentioned browsers, it does so on a regular basis. If we take into account the fact that Mozilla is a non-commercial organisation, it’s worth evaluating the work of the company’s volunteers, who do a great job to ensure that Firefox has the most up-to-date security systems in place. Firefox’s security features really have something for everyone. It includes phishing and malware protection, for example, banning attacked websites, and informing the user about attempts of installing site add-ons. It’s also equipped with ad blockers and tracker-detection systems. Moreover, it’s easy to use due to its minimalistic style and simplicity. However, be sure to turn off the telemetry feature as it shares your browser’s data with Mozilla. Such features might disturb the users that appreciate their privacy, but that can be easily disabled via the settings tab.

4. Epic

The main point in using Epic is that you’re able to benefit without changing the built-in extensions. It’s already configured to make the process of internet access secure and confident. Its customizations will block cookies after every session, preventing data tracking and unwanted ads. Epic also has an option to search the information via DuckDuckGo (A privacy-focused search engine that is a good tool to ensure your personal data stays safe). This browser is fundamentally aimed at making your internet access private. It disables auto-syncing, spell-check, auto-fill, and many other functions that can collect users’ personal information. Of course, it doesn’t save you browser history, access credentials, and cookies. Epic also aims to hide your IP address in any possible way in order to protect the information about your location and your device’s data.

While the settings focused on high privacy can disable some sites and functions, which means the browser is not ideal in all cases, extensions can be changed at the expense of privacy.

The explicit disadvantage of the Epic browser is that it’s based on the Chromium code, which is not open-sourced. So there’s no certainty that this code will be independent in the future.

Conclusion

So, what browser can be named the best one suited to protecting your identity and personal data? Well, none of them can be completely private. There are a number of browsers that claim to be the most private and protected ones, but even they have flaws that can disturb some users. So, you should choose the browser that mostly satisfies your own requirements and seems to be the best one for you. In this article, we’ve collected some facts on the ‘chef’s pick’ of browsers. Now, the decision is in your hands.

What is the most private internet browser in 2022?

When we look at the statistics, the number of cybercrimes increases year on year. Hackers have invented a wide range of tools that can crack your password or get your access information with ease. But there are also other ways of violating your privacy. Every click you make is tracked