Cybersecurity Expert Warns of Hidden Risks in Everyday Devices
Cybersecurity threats are no longer confined to computers and smartphones. Increasingly, everyday devices like wireless headphones, computer mice, and even charger cables can be exploited to compromise personal data, according to Elviss Strazdiņš, a Latvian software engineer and digital fraud researcher.
Everyday Devices as Entry Points
Strazdiņš, known for exposing fraud schemes and educating the public on cybersecurity, has demonstrated how seemingly innocuous devices can be exploited. He highlights the potential for unauthorized access to personal information through these common items.
Wireless Headphones
Strazdiņš explained that wireless headphones can be connected to remotely, potentially allowing attackers to obtain a user’s phone number and register it on their own device. This can lead to the interception of verification codes sent via phone call, granting access to accounts like WhatsApp. Regular device updates are crucial to mitigate this risk.
Computer Mice
A high-precision computer mouse, boasting a resolution of 20,000 dots per inch and a 7,000 hertz frequency, was shown to vibrate in response to voice noises. By recording and processing these vibrations with artificial intelligence, it’s possible to eavesdrop on conversations in the room. Using a soft mouse pad can help reduce this vulnerability.
Charger Cables
Strazdiņš demonstrated a seemingly ordinary charger cable containing a hidden computer with a memory card, processor, and Wi-Fi chip. Programmed maliciously, this cable can read data from any device connected to it, emphasizing the importance of avoiding unfamiliar charging cables.
The Importance of Proactive Security Measures
Strazdiņš stresses that many attacks are preventable through basic security practices, including regularly updating software, using strong and unique passwords, and critically evaluating links, caller IDs, and website domains.
Protecting Against Account Takeover
Discarded smartphones pose a significant risk. Strazdiņš conducted an experiment retrieving phones from an electronics recycling drop-off point, finding one unlocked with access to sensitive data, including search history and messaging apps containing evidence of illegal activities. He recommends careful disposal of old devices and securing them with strong passwords.
PIN and Password Security
Strazdiņš advises using six-digit unlock codes for phones and covering the screen when entering PINs in public to prevent shoulder surfing. He warns against reusing the same PIN for multiple accounts, as compromising one can lead to widespread access to personal information.
Caller ID Spoofing and Phishing
Fraudsters often employ “Caller ID spoofing” to disguise their identity, making it appear as if they are calling from a trusted source, such as a bank. Strazdiņš recounts a personal experience where he lost €11,000 to a scam involving a fraudulent call from someone claiming to be a Swedbank employee. He emphasizes that authentication processes should never rely on questions that can be easily answered by a fraudster.
Recognizing Phishing Websites
Strazdiņš highlights the importance of carefully examining website domain names for subtle discrepancies. Scammers often leverage similar-looking characters (e.g., replacing “l” with “I” in “.lv” domains) to create convincing fake websites.
Staying Vigilant in a Digital World
Elviss Strazdiņš likewise trains State Police employees in security issues, using a device called a “break key” that can crack four-digit phone codes in minutes. This underscores the need for strong password practices. He also notes that his public profile and recognizable style (often wearing a red shirt) have reduced opportunities for companies to hire him for “penetration testing” – a practice where he would attempt to breach a company’s security systems to identify vulnerabilities.
As digital threats continue to evolve, staying informed and adopting proactive security measures are essential for protecting personal data and financial well-being.
Related reading