Phishing scams that disguise malware or malicious intent in messages are extremely common. Just how do hackers keep reeling in victims?
An Original Podcast from McAfee®
GONE PHISHIN'
12.03.19
36
RECENT EPISODES
32 KEYLESS IGNITION
10.08.19
Cars are more computerized than ever. But, does this make them easier to steal? Can smart key fobs help hackers drive away with your ride?
33 WHO'S WATCHING
10.22.19
Streaming devices make dumb TVs smart and smart TVs, well, smarter. But does that mean that a hacker can hijack your binge-watching?
34 FALSE CHARGES
11.05.19
It's always stressful when your phone's battery is low, but are some charging stations and USB cables dangerous to plug into?
35 PORCH PIRACY
11.19.19
The more people shop online, the more thieves swipe packages. Are smart padlocks a secure solution? Or can they be cracked open by hackers?
EPISODES 36 to 34
36 GONE PHISHIN'
12.03.19
Phishing scams that disguise malware or malicious intent in messages are extremely common. Just how do hackers keep reeling in victims?
34 FALSE CHARGES
11.05.19
It's always stressful when your phone's battery is low, but are some charging stations and USB cables dangerous to plug into?
32 KEYLESS IGNITION
10.08.19
Cars are more computerized than ever. But, does this make them easier to steal? Can smart key fobs help hackers drive away with your ride?
MORE EPISODES
31 MOUSEJACKED
09.24.19
Wireless mice have become the preferred peripheral to scroll and click, but can cutting the cord allow a hacker to hijack your computer?
33 WHO'S WATCHING
10.22.19
Streaming devices make dumb TVs smart and smart TVs, well, smarter. But does that mean that a hacker can hijack your binge-watching?
35 PORCH PIRACY
11.19.19
The more people shop online, the more thieves swipe packages. Are smart padlocks a secure solution? Or can they be cracked open by hackers?
ABOUT
In a world where we obsess over staying connected, how can we be sure we’re not leaving ourselves vulnerable? “Hackable?” gives us a front-row seat to explore where we’re susceptible in our daily routines, without even realizing it. From Wi-Fi to webcams and cars to computers, these episodes expose the places hackers may hit, and explain how they get our information. With the FBI putting out a most wanted list solely dedicated to cyber-criminals, there’s no arguing what a huge issue cybercrime has become. Malware and ransomware threats are on the rise, and we need to take them seriously to learn what we can do to keep ourselves safe.
McAfee® is dedicated to its customers, continually striving to make their digital lives safer and more secure. Focused on all things digital-security, McAfee is always looking for innovative ways to help educate consumers as they navigate new and emerging technologies every day.
Serving as a leader in the cyber security space, McAfee has taken its learnings to the next level, hosting a series of tests that explore cybercrime behind the scenes, and sharing the results directly with you. With a mission to keep all people safe in the digital world, and off the radar to the hackers who invade it, McAfee offers a multitude of tips and tricks you need to stay secure.
Geoff Siskind has helped launch some of Canada’s most popular reality television programs including Storage Wars Canada, Canada’s Worst Driver, Redemption Inc. with Kevin O’Leary, Canada’s Worst Handyman, and Junk Raiders.
An alumnus of the Canadian Film Centre’s Interactive Entertainment Program, Geoff directed the interactive documentary Tightrope, which has been presented by many festivals, including SXSW, IDFA, and Hot Docs. He’s produced many hours’ worth of radio programming and documentaries for CBC Radio, including Search Engine (for which he won the New York Festivals’ International Broadcasting Award), Outfront, and The Phone Book Stories.
He’s also directed several documentary films including The Mantelpiece, a film about the bizarre migratory route of a taxidermied caribou, which debuted on TVO’s The View From Here and The Big Sky Documentary Festival.
Bruce Snell is a cybersecurity expert whose passion for computer security dates back to dial up bulletin board systems and a time before the internet had pictures. This has led him to a career handling network security for various dot-com startups and Fortune 500 companies.
His ability to translate complex technical subjects and make them easy for technology novices to understand has made him a highly sought-after speaker at industry and technology events around the world, including the Family Online Safety Institute Annual Conference, the New York State Cyber Security Conference, IoT Evolution, the Wharton Tech Conference and others. Bruce is also a frequent media contributor and has been featured on Bloomberg Tech, CBS, CNBC, L.A. Times and more.
TEAM
BRUCE SNELL
Cybersecurity Expert
GEOFF SISKIND
Cybersecurity Expert
CONTACT
If you have press inquiries, an idea for an episode, want to be a participant in the show, or any other general inquiries, please contact hackablepodcast@mcafee.com or call us at 1-(855)-4-HACKABLE.
EPISODES 30 to 25
25 PHREAKS AND GEEKS
05.21.19
From photos and messages to emails and credit cards, smartphones are filled with sensitive personal information. Just how secure are they?
26 MALICIOUS BREWS
06.04.19
We settle the age-old coffee vs. tea debate by finding out whether a smart coffee maker or kettle leaves Geoff more vulnerable.
27 FACE THE FAX
06.18.19
All-in-one printers with fax machines may seem like relics, but could this seldom-used technology put your network at risk?
28 UP YOUR GAME
07.02.19
Skins and other downloadable modifications are a popular way to level up video games. Can these “mods” expose players to hidden malware?
29 DEAD DROPS
07.16.19
You spot a dropped USB drive lying on the ground or in your office. Did someone lose their files or is it a trap set by a hacker?
30 THE MR. ROBOT SPECTACULAR
07.30.19
Skins and other downloadable modifications are a popular way to level up video games. Can these “mods” expose players to hidden malware?
EPISODES 24 to 19
19 PRYING EYES
11.20.18
If your laptop is lost or stolen, will a strong password protect your personal data? Or is your intimate information up for grabs?
20 DIGITAL BREADCRUMBS
12.04.18
Social media has made sharing photos online universal, but do sharers risk revealing more than they intended?
21 FLYING BLIND
12.17.18
Drones are fun to fly and poised to take on important public functions. But are they secure? Do pilots risk losing all control?
22 RAT ATTACK
01.08.19
Just how much control does a hacker have over your system? Listen and learn as Geoff sees a RAT infested machine from their point of view.
23 REMOTE CONTROL
01.22.19
Smart TVs make it easy to stream endless binge-worthy shows and movies. Do they also make it easy for hackers to gain remote control?
24 THE WEAKEST LINK
02.05.19
Smart plugs may allow you to smarten up any old appliance, but do they leave your virtual "front door" wide open for hackers?
EPISODES 18 to 13
13 AND WE'RE IN
04.03.18
Passwords protect all of our sensitive information. But how easy would it be for a hacker to gain access? Listen in as Geoff puts his own passwords to the test.
14 PET-NOLOGY
04.17.18
A smart camera allows you to video chat with your dog and toss them a treat. But what if you’re not the only one watching?
15 CYBER WASH
05.01.18
Drive-thru car washes save time and water. But can these internet-enabled devices be easily hacked and potentially dangerous?
16 PROTECTING THE GRID
05.15.18
Hacking our power plants, gas pipelines, and traffic lights…only in the movies or real-life cyber threat?
17 INTERNET OF TODDLERS
05.29.18
To hackers, your smart baby devices are just child’s play. Do these devices make you a better parent or more vulnerable to being hacked?
18 VIRTUALLY VULNERABLE
11.06.18
Virtual reality is more immersive, and popular, than ever. But can hackers manipulate virtual experiences and put users in real danger?
EPISODES 12 to 7
07 SEARCHING FOR AVRIL
10.24.17
Could looking for celebrities online put your data at risk? We’re uncovering what you might find while searching for a sneak peek.
08 CLOAK AND DAGGER
11.07.17
Cell phones are powerful computers that we carry in our pockets. But are these devices leaving us vulnerable to an attack?
09 HIGH FREQUENCY
11.21.17
Smart speakers make it easy to carry out tasks with voice commands. But could a hacker somehow control it without you knowing?
10 ALL DOLLED UP
12.05.17
Talking toys have gotten smarter over the years. But has the security kept up with the tech, or are hackers able to take these toys over?
11 KEYLESS ENTRY
03.05.18
It’s practically impossible to find a new car that doesn’t come with a key fob. But is this required accessory as secure as a simple metal key?
12 ACCESS GRANTED
03.20.18
RFID chips are everywhere from your keycard to your dog. But is this technology as secure as it should be? Listen to find out.
EPISODES 6 to 1
01 THE EVIL TWIN
07.18.17
We hacked the Wi-Fi at a local café to prove just how easy it is to give away all of your information without ever knowing it.
02 PWNED
08.15.17
Ready. Set. Hack. See how much data our hackers were able to get from our host, Geoff, in just 5 days.
03 LOCKED OUT
08.29.17
A ransom note on your computer? Your data held hostage? Listen as Geoff uncovers the truth about Ransomware when he's Locked Out.
04 CARS ARE COMPUTERS
09.12.17
You might be holding the steering wheel, but are you driving? See how hackers can take over a car — and how to stay in control of yours.
05 CAMERA CREEPERS
09.26.17
People put stickers over their webcams. But is this paranoia, or precaution? We’re here to uncover the truth about webcam hacking.
06 COWBELLS & DOORBELLS
10.10.17
Smart doorbells let you see who’s ringing even when you’re not home. But what happens when it’s a hacker at your door? Find out here.
THE HACK
For this episode's hack, Bruce Snell gives Geoff a firsthand look at how a hacker would pull off a complex spear phishing attack.
The target? Who else but Pedro.
Geoff is confident that, unlike him, Pedro will be an easy target. And Bruce does identify Pedro's biggest vulnerability: he often gets emails from fans of his fashion website asking him for advice.
Using what is called a steganography tool, Bruce hides malware in a series of images and decides to send them to Pedro at varying intervals. The malware includes a remote access tool (or RAT) so that if Pedro clicks, Bruce can take full control of Pedro's computer.
Listen and learn whether or not Pedro clicks, and just how far Bruce is able to take his attack. And is Geoff really safe?
Welcome to Hackable, an original podcast from McAfee.
STAYING SAFE
To stay off spear phishing hooks, here's a tip from our cybersecurity expert Bruce Snell.
Stay Up-To-Date: Make sure that all of your device's software, including your anti-virus and anti-spam tools, is completely patched to the latest version. If you have a hard time remembering, turn on automatic updates.
SOURCES
McAfee does not control or audit third-party benchmark data or the websites referenced in this document. You should visit the referenced website and confirm whether the referenced data is accurate.
https://www.thehogtownrake.com/
GONE PHISHIN'
12.03.19
36
PORCH PIRACY
11.19.19
THE HACK
For this episode's hack, white-hat hacker Craig Young ships a charging cable and small antenna-affixed remote to Pedro before hopping onto a video chat with our host Geoff Siskind.
This means that Pedro, often the victim, instead gets to help Craig hack Geoff. And, this week, Geoff decided to beef up his cybersecurity and install virus protection on his phone.
Geoff's defenses are up, but will that be enough to stop Craig and Pedro?
Listen to find out what happens when Geoff simply uses the cable to plug his phone into his computer and Pedro flips the remote's switch.
STAYING SAFE
To protect your mobile phone and laptop from corrupt cables, here are some tips from our cybersecurity expert Bruce Snell.
Stranger Danger: If you didn't buy the charging cable yourself, you shouldn't plug it into your phone or computer.
Practice Safe Charging: Use a USB data blocker like the SyncStop to ensure that only power is transferred through your cable.
FALSE CHARGES
11.05.19
34
THE HACK
For this episode's hack, Geoff sets up his smart TV in his studio with two popular streaming devices plugged into it. White-hat Craig Young, never one to be daunted by distance, video chats with Geoff from thousands of miles away.
Before he begins, Craig warns that many of these popular streaming devices lack the authentication mechanisms needed to properly protect them, and these security shortcomings leave users vulnerable in ways they may not realize. And, what's worse, even if you don't have a streaming box or stick, the software built into many smart TVs can be attacked the same way.
Listen to the episode and learn whether your streaming device can get hijacked!
If you've already listened, here's a video you might recognize.
STAYING SAFE
Because these vulnerabilities come built-in by manufacturers, our cybersecurity expert Bruce Snell believes that all you can really do is put pressure on manufacturers to step up and offer more granular controls over security.
WHO'S WATCHING
10.22.19
33
THE HACK
This episode, Geoff gets on an airplane and flies to Ottawa, the capital of Canada. Once his plane touches down, he rents a car and drives to "Hackable?" veteran Tim Martin's house.
Tim promises that upon arrival, he'll be able to not only break into Geoff's car (again), but drive away in it.
Listen and learn if a hacker could virtually hotwire your car!
STAYING SAFE
While they may remind him of the batmobile, our cybersecurity expert Bruce Snell is not a fan of smart car key fobs. He believes they are a security issue waiting to happen, and having to unlock and start your car manually with a key isn't that big of a deal. And even worse, there isn't much you can do to protect yourself, aside from being on the lookout for suspicious characters with laptops and dongles watching you unlock your car.
KEYLESS IGNITION
10.08.19
32
https://twitter.com/Geoffsiskind
https://www.youtube.com/watch?v=6FaI3N8Gg1E
https://twitter.com/brucesnell
https://hackablepodcast.com/episodes/rat-attack
THE HACK
Friend of the podcast Tim Martin is back for another hack and this time he joins Geoff in his home kitchen. Geoff hates his trackpad, so he uses a non-Bluetooth wireless mouse that connects via a USB dongle.
Listen and learn if this mouse puts Geoff at risk. Will Tim be able to hijack his computer? Will Geoff pay a price for going wireless?
STAYING SAFE
Here are some tips from our cybersecurity expert Bruce Snell to keep your computer from getting mousejacked.
Google It: Investigate whether the make and model number of any mice you own or plan on purchasing are vulnerable to MouseJack. If they are, there isn't much you can do to protect yourself.
Choose Bluetooth: While not completely secure, Bluetooth mice are much less vulnerable than RF mice with dongles. So if your computer has built-in Bluetooth support, opt for the mouse with the name of a Viking king.
MOUSEJACKED
09.24.19
31
THE HACK
For our "Mr. Robot" Spectacular, Pedro invited three white-hat hackers from PacketLabs — a record number for our show — over to Geoff's house.
Since Geoff's been busy with travel, he has no idea what to expect and what hacks from "Mr. Robot" they're prepared to execute.
Pedro's been the victim on episode after episode this season. Is this when he finally gets his revenge?
Listen now for some "Mr. Robot" inspired hacking hijinks!
STAYING SAFE
Here are some tips from our cybersecurity expert Bruce Snell to help keep fsociety and other hackers from cracking your devices and data.
Pay Close Attention: Hackers take advantage of the deluge of texts and notifications we all receive to obfuscate malicious attacks. Disable any unnecessary notifications so you can closely scrutinize what shows up on your phone or computer.
Limit Physical Access: If you must leave your smartphone or computer unattended, like at a store for repair, back up your data and wipe the device clean before it leaves your sight. It's simple to restore from a backup and this keeps prying eyes and malicious programs off your device.
THE MR. ROBOT SPECTACULAR
07.30.19
30
https://www.packetlabs.net/
THE HACK
After last hacking the skins that host Geoff Siskind's son downloads for Minecraft, white-hat Tim Martin is back. On this episode, he sends host Geoff Siskind an envelope with 10 USB drives.
After Tim shows off just how dangerous these drives can be, Geoff decides they should demo dead dropping on producer Pedro.
Listen and learn if Pedro actually takes the bait!
STAYING SAFE
To help you avoid letting hackers get the drop on you, here are some tips from our cybersecurity expert Bruce Snell.
Don't Do it: If you find a random USB drive and you don't know where it came from, do not plug it in!
Disable Autorun: If you're using a Windows computer, disable "autorun" before you plug in a USB drive.
Scan First: Once you plug in a USB drive, right-click on it and use your anti-virus software to proactively scan for malware.
DEAD DROPS
07.16.19
29
THE HACK
For this episode's hack, we are joined by “Hackable?” veteran Tim Martin. Tim's hacked car key fobs and RFID scanners on our show, and now, he's here to show us just how dangerous third-party mods can be.
While Geoff isn’t much of a gamer, his son loves Minecraft — and commonly downloads mods.
Geoff downloads an add-on — made by Tim — that promises to give his character a fancy tuxedo.
Listen and learn just what Tim is able to do once the mod is added to the game!
STAYING SAFE
To protect your gaming PC and network, here are some tips from our cybersecurity expert Bruce Snell.
Consider the Source: If you’re downloading game mods, make sure they’re from a reputable site like Curseforge or Steam and not a sketchy corner of the internet.
Ask First: A good rule for any gaming house — if a child wants to download a mod, they should have to ask their parents first, and the parents should do research to make sure that it comes from a reputable source.
UP YOUR GAME
07.02.19
28
https://www.curseforge.com
https://steamcommunity.com/workshop/
https://research.checkpoint.com/2018/sending-fax-back-to-the-dark-ages/
THE HACK
While Geoff finds there's "something delightful" about sending a fax, he's only sent one the entire time he's had his all-in-one printer and fax machine. For this week's hack, two cybersecurity researchers — Yaniv and Eyal — attempt to hack Geoff's all-in-one printer and fax machine remotely from Israel.
Read more about the original research on the fax exploit from Eyal Itkin, Yannay Livneh and Yaniv Balmas.
Armed with only a $5 modem connected to their computer, Geoff's fax number, and a Python script, it is truly eye-opening what Yaniv and Eyal are able to do.
Listen and learn just how vulnerable Geoff is left by the seldom-used, all-in-one printer he leaves sitting in his messy office.
STAYING SAFE
To protect your fax machines and printers, here are some tips from our cybersecurity expert Bruce Snell.
Keep it Updated: Firmware updates are regularly released for printers. Be sure to stay on top of updates, even if you only print every once in a while.
Disable What You Don't Use: If your all-in-one printer has added functionality that you aren't using, simply turn off those tools to avoid unnecessarily exposing your network to vulnerabilities.
FACE THE FAX
06.18.19
27
https://www.packetlabs.net/hackable-podcast-kettle/
THE HACK
On this episode of “Hackable?” host Geoff Siskind installs a smart coffee maker and kettle in his home and invites two teams of white-hat hackers to see which smart brew puts him more at risk.
Hacking the smart kettle is Thomas Zook, a penetration tester at Packet Labs. He’s joined on Geoff’s front porch by “Hackable?” producer Pedro Mendes. After last episode’s hack that revealed deleted photos Pedro would much rather have left private, he’s eager to see what Thomas can do to Geoff.
Hacking the smart coffee maker simultaneously from a remote location are Steve Povolny and Sam Quinn from McAfee’s Advanced Threat Research team (ATR). ATR is McAfee’s crack team of cybersecurity experts who find and report critical vulnerabilities in the world's most ubiquitous hardware and software.
Which team will come out on top? Listen and learn whether there’s more trouble in store for fans of roasted beans or steeping leaves.
STAYING SAFE
To keep trouble from brewing, here are some tips from our cybersecurity expert Bruce Snell that will help you secure your home’s smart devices.
Stick with Known Manufacturers: Avoid purchasing smart devices from lesser-known makers who are less likely to have properly invested in security measures.
Keep Them Updated: Keeping your device software up-to-date will ensure that any exposed security vulnerabilities are patched.
MaKeAT0uGhPa55w0Rd: Protect your devices with a secure password that mixes title cases and utilizes a mixture of characters and symbols. Default passwords are far too easy for hackers to find.
MALICIOUS BREWS
06.04.19
26
https://www.mcafee.com/enterprise/en-us/threat-center/advanced-threat-research.html
https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325
https://www.tripwire.com/state-of-security/contributors/craig-young/
THE HACK
Craig Young is a computer security researcher with Tripwire's Vulnerability and Exposures Research Team (VERT). He’s uncovered, and responsibly disclosed, vulnerabilities in products made by some of the world’s biggest companies.
A “Hackable?” veteran, Craig was kind enough to come back and test whether Geoff and Pedro’s phones are vulnerable to a hack.
Craig first sends Geoff an email with a link. Once Geoff clicks the link, Craig uses a technique called DNS rebinding where a malicious web page causes visitors to run a client-side script that attacks machines elsewhere on their network.
Listen and learn if Geoff’s click puts Pedro at risk of revealing even more private data!
STAYING SAFE
To help secure all the private data on your cell phone, here are some tips from our cybersecurity expert Bruce Snell.
Only Download Apps You Can Trust: Stick with apps from trusted developers that are on legitimate app stores, like Apple’s App Store or Google Play.
Run Security Software: If you have an Android phone, this is especially important. Mobile anti-virus software will help keep you protected from malware, ransomware, spyware, and more.
Be Skeptical: If a link, webpage, or email doesn’t feel quite right, trust your inner skeptic and don’t click it.
PHREAKS AND GEEKS
05.21.19
25
https://digitalguardian.com/blog/91-percent-cyber-attacks-start-phishing-email-heres-how-protect-against-phishing
THE HACK
Craig Young is a computer security researcher with Tripwire's Vulnerability and Exposures Research Team (VERT). He's sniffed out, and responsibly disclosed, vulnerabilities in products made by some of the world's biggest companies.
For this episode, his "target" is a smart plug in our host Geoff Siskind’s studio. Producer Pedro Mendes joins Geoff and they video call Craig to find out just how he’s attacking the plug. At first, Geoff is endlessly delighted that he can turn a lamp connected to the smart plug on and off with his phone. The light-strobe disco party for him and Pedro quickly ends once Craig takes control.
Using a simple phishing scheme (which is responsible for up to 91% of cyber attacks), Craig is able to execute remote code on both the plug and any exploitable devices on Geoff’s network.
You'll have to listen to find out what Craig is able to do, but we'll say this: there are some serious implications, and the episode ends with Pedro declaring, "I don't get paid enough for this."
STAYING SAFE
To make sure there are no weak links that expose your smart home to cybercrime, here are some tips from cybersecurity expert Bruce Snell.
Don’t Set it and Forget it: Turn on notifications for all your connected apps and smart devices so that push notices alert you whenever there are updates that patch security vulnerabilities.
Stay Strong: Always use strong, unique passwords for each device.
Secure at the Source: Your devices and network are only as secure as your router. While it was once hard to configure optimal security settings for your router, newer ones often have built-in security tools.
THE WEAKEST LINK
02.05.19
24
https://www.packetlabs.net
THE HACK
Geoff tells “Hackable?” cybersecurity expert Bruce Snell that he's picking up two white-hats — Ben Adamski and Ian Lin, from Packetlabs — so they can try and hack his personal smart TV.
But Geoff has other plans… Our producer Pedro is an avid soccer fan and there is a huge game playing when Geoff picks up the two hackers. In a karmic twist, Geoff decides to drive by Pedro's house with the pair of hackers and see if they can crack his smart TV in the middle of the game. With only half an hour until the game is over, Geoff and the white-hats race to Pedro's house to see if they can brute force their way onto his Wi-Fi network.
Listen to find out if the team is able to hack Pedro's TV and get payback for his pranked neighbor! Find out how much control hackers can gain over a smart TV in such a small amount of time.
STAYING SAFE
If you want to make sure your viewing experience isn't interrupted, here are some tips from cybersecurity expert Bruce Snell to keep your smart TV secure.
Don't Break Out: Some people "jailbreak" their streaming devices so that they can stream TV shows and movies they've acquired illegally, but this compromises the device's protection and could leave users more vulnerable to attacks.
Bulk up Your Encryption: To keep hackers from accessing your network — and TV — secure your router with the strongest encryption possible (WPA2).
Be Our Guest: Create a guest Wi-Fi network — with its own password — for visitors so that your smart devices are the only ones connected to your regular network.
REMOTE CONTROL
01.22.19
23
https://www.darkcomet-rat.com
THE HACK
While Bruce and Geoff may revel in the classic nerd fight between the Creeper and the Reaper, Geoff knowingly clicks on a not-so-hidden email attachment from Bruce that has embedded RAT malware. Once the RAT software is installed, Bruce shares his screen so that Geoff can see just what malicious activities a hacker is able to do with remote access. You’ll have to listen to hear them all, but the activities range from benign hijinks to serious violations of privacy that could put your loved ones or business at risk.
The RAT that Bruce is using is called DarkComet. Its creator actually ceased development of the malware in 2012 when it was uncovered that the Syrian government was using DarkComet to spy on and arrest activists. If you are curious or would like to penetration test your own security systems, it is not advised that you download any version of DarkComet. Since 2012, cybercriminals have embedded their own RATs and malware into unofficial copies of DarkComet to take advantage of other would-be hackers.
STAYING SAFE
After the hack, Bruce Snell takes off his hacker hoodie to provide some tips that will help keep your computer free of RATs.
Keep it Patched: RATs take advantage of vulnerabilities and bugs in your operating system. Make sure that you install every new update to keep your machine protected.
Browse Securely: "Drive-by" malware, like RATs, is hiding in shadows scattered across the internet. Browse with security protection to identify and fight off attacks before they allow hackers to take advantage.
SOURCES
RAT ATTACK
01.08.19
22
TRANSCRIPT
https://en.wikipedia.org/wiki/DarkComet
https://twitter.com/brucesnell
https://www.forbes.com/sites/janetwburns/2016/06/13/johns-hopkins-team-hacks-crashes-hobby-drones-to-expose-security-flaws/#79d124cf54c4
THE HACK
Lanier Watkins is a research scientist at the Johns Hopkins Information Security Institute. He’s led efforts at the university to investigate security vulnerabilities present in popular drone models.
At first, the intention of the research was to expose issues so that manufacturers can create a safer drone, but now, the team has taken it a step further.
As drones become more ubiquitous, technologies will need to exist that can stop bad actors. Say for example, you are a prison guard and someone is using a drone to bring contraband over the walls. Watkins and other researchers at Johns Hopkins have created attacks that could almost immediately drop that drone from the sky. Of course, these attacks could also be used by bad actors to stop well-intentioned utility drones, or to derail the flights of hobbyists. To find out what vulnerabilities they’ve uncovered at Johns Hopkins — and fly some drones — Geoff traveled to their beautiful Baltimore campus.
STAYING SAFE
If you want a drone as badly as Geoff does, here are two recommendations from cybersecurity expert Bruce Snell.
Do Your Research: Find out if the drone you’d like has exposed security issues. And if so, is the manufacturer — or a community of avid users — creating patches to correct those issues?
Update: This is a common best practice because so much of our modern technology runs on software that needs to be regularly updated. Drones are no different. Make a serious effort to keep the app’s software, and the firmware of the drone itself, completely up-to-date.
SOURCES
FLYING BLIND
12.17.18
21
TRANSCRIPT
https://twitter.com/brucesnell
THE HACK
We recruited white-hat hacker, and friend of the pod, Tim Martin back onto “Hackable?” to find out just how much geolocation information could be culled from Geoff’s photos.
First, Geoff texts a selfie to Tim from the safety of his home. You’ll have to listen to the hack to find out how, but 10 seconds later, Tim sends back an image of Geoff’s home from Google street view.
Tim then finds one of Geoff’s public online photo galleries and is able to make a map of where Geoff lives and where he spends his time. Geoff watches his son play hockey every Sunday and posts pictures on social media. A criminal that finds this account would know just when Geoff is out of his house and easy to rob. Terrified, but curious, Geoff tries to do some sleuthing of his own — he can’t believe how simple it is to creepily track someone from their online photos.
STAYING SAFE
Cybersecurity expert Bruce Snell has two recommendations to make sure you don’t leave a trail of digital breadcrumbs that put you at risk.
Lock Accounts Down: If you are a minor, privacy-conscious, or have kids, lock down your (and their) accounts. If your accounts all have restricted, non-public access, only friends will be able to see your photos.
Investigate Platform Policies: Some social media platforms remove metadata from your photos, like Facebook, Twitter, and Instagram. But others may not. There is little consistency so it’s best to investigate yourself and read the image policy of any site you post photos to.
SOURCES
DIGITAL BREADCRUMBS
12.04.18
20
TRANSCRIPT
https://support.apple.com/en-us/HT204837
THE HACK
After hosting “Hackable?” for more than two seasons, host Geoff Siskind is all-too-familiar with the dangers of a weak password. Scared straight, Geoff locks down his email accounts, online banking, and Facebook account with “crazy complicated” passwords. He also locks down his laptop with a “super weird” password “that you would never guess.” To investigate whether that will keep his laptop’s contents safe, Geoff enlisted the help of Tim Martin. Tim is a white-hat penetration tester, and it’s his job to test the security of systems.
For this hack, Geoff shipped his laptop, complete with the “super weird” secure password, 1,000 miles to Tim. As soon as Tim received the laptop, they connected on Skype to find out just how much of Geoff’s personal information was vulnerable. You’ll have to listen to the episode to find out just how Tim does it, but needless to say, it was ridiculously easy for Tim to hack into Geoff’s laptop and get access to all his information.
STAYING SAFE
While Geoff was astonished it was that simple for Tim to gain access to his Social Security number and photos of his kids, it was just what cybersecurity expert and co-host Bruce Snell expected.
Encrypt Files: The only way to protect the personal data on your laptop is to encrypt the files on your hard drive. If you have a Mac laptop, here is a guide from Apple about how to use FileVault and encrypt your files. If you have a Windows laptop, here is what you need to know about BitLocker device encryption.
Use a PIN or Password: Both iPhones and Androids automatically encrypt your data if you use a PIN or password.
SOURCES
PRYING EYES
11.20.18
19
TRANSCRIPT
https://twitter.com/brucesnell
https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10
https://www.unhcfreg.com
THE HACK
Geoff met with the founder of the University of New Haven virtual reality research group, Ibrahim Baggili, and Peter Casey, a graduate researcher. To state it simply, Baggili and Casey’s research focuses on what can go wrong with VR.
They aren’t only concerned with virtual crime — Baggili and Casey have also uncovered security vulnerabilities within popular VR platforms that could put anyone who straps on a headset at physical risk. In the name of science — and your entertainment — Geoff bravely strapped on a headset connected to “an infected computer” to see just how much control Baggili and Casey have.
Once Geoff steps into the virtual reality experience, he is subjected to ransomware, a human joystick attack, and even a disorientation attack. You’ll have to listen to find out just what Geoff has to withstand, but this video gives you a good idea.
STAYING SAFE
While unnerved by the experience, Geoff has clearly caught the VR bug.
But before he hops back into virtual reality, Geoff needs some tips from McAfee cybersecurity expert Bruce Snell about how to immerse safely.
Start Small: some VR experiences, like flight simulators, can be enjoyed sitting down. This is a good place to start and get acclimated to immersion.
Update, Update, Update: Keep your system and VR platform up-to-date to be protected from vulnerabilities.
Be Choosy: only use VR software downloaded from reputable places like Steam or others recommended by hardware makers.
SOURCES
VIRTUALLY VULNERABLE
11.06.18
18
TRANSCRIPT
THE HACK
For this hack, Geoff teams up once again with Dolev Farhi to learn the potential vulnerabilities of the Wi-Fi onesie. Turns out, Dolev and his wife are expecting their first child in a few weeks, so they head to Geoff’s house for a real-life hacking. However, instead of a baby, they dressed Geoff’s dog, Pilot, in the smart onesie as a test case. The first thing they’re able to do is perform a “man-in-the-middle” attack and intercept data from the device. Without having physical access to the device, they proved that they would be able to intercept and read the information being shared from app to device. Then, to take it a step further, they overloaded it with commands and completely crashed the system, with no warning for unsuspecting parents. And the hack was just getting started. Dolev figured, if he could receive data, couldn’t he also send new or false data to the app as well? Imagine getting an alert that something is wrong with your baby’s health, only to find out they’re completely fine, and it’s just a glitch, or a hacker, altering the data in your smart device.
STAYING SAFE
It makes you wonder, are these IoT devices helping or hurting parents? For all of the moms and dads out there who have or are thinking about adopting some form of baby tech, here are a few things you can do to make your baby tech safer.
Evaluate web-enabled baby monitoring tools and decide if you really need the internet connectivity features.
Check if your smart baby tech is from an established company with a good track record when it comes to any cybersecurity breaches.
Avoid purchases of cheap or knockoff products available on auction sites.
Use a strong and unique password, preferably a randomly generated password from a password management tool.
Keep an eye on manufacturer’s websites for smart baby product updates.
INTERNET OF TODDLERS
05.29.18
17
TRANSCRIPT
THE HACK
In this episode, we teamed up with Steve Povolny who is Head of Advanced Threat Research at McAfee. In his professional opinion, threats against SCADA systems are not all that uncommon, and are becoming more of a real-life threat than many realize. With that being said, Geoff and Steve put it to the test to see just how far they can get to support that claim.
Knowing that many SCADA systems worldwide are connected to the internet, and that many of them are potentially vulnerable, we can use a system called Shodan to find nearby SCADA infrastructure that we could tap into. Geoff and Steve conduct a search to see if they can find any vulnerable systems by doing a simple port scan. The results? Over 19,000 results globally distributed. To drive this point home, they were even able to drill down the results to find vulnerable systems within miles of where they were located.
STAYING SAFE
From a consumer standpoint, there’s not much action to take, but Bruce Snell says it’s important to stay educated on these kinds of threats to know how they can affect you. But rest easy...here are a few initiatives that governments, institutions and companies are implementing:
—Separating SCADA operations from the rest of the company contacts
—Instituting cybersecurity awareness campaigns
—The development of multiple defense layers and threat intelligence
—Implementation of firewalls, intrusion detection systems (IDSs), and other security measures
SOURCES
PROTECTING THE GRID
05.15.18
16
TRANSCRIPT
https://www.computerweekly.com/feature/Secure-your-SCADA-architecture-by-separating-networks
https://staysafeonline.org/press-release/organization-leaders-employees-reminded-cybersecurity-workplace-everyones-business-national-cyber-security-awareness-month/
https://twitter.com/brucesnell
https://whitescope.io
THE HACK
Geoff teams up with Billy Rios, Security Researcher and founder of WhiteScope LLC. Billy is one of the leading experts on the emerging threats related to software security, industrial systems, infrastructure and medical devices. Billy made a name for himself by hacking an automated car wash with fellow researcher Jonathan Butts of QED Secure Solutions and permission from the car wash owner. He used his findings to raise awareness about the public safety risks of connected devices and as a call to action for government officials. In this episode, Billy lends his expertise to the show and demonstrates how easy it is to hack a drive-thru car wash while Geoff and Story Producer, Marc Apollonio, are in the vehicle. Billy explains how he performed the car wash hack and emphasizes that he was able to do it with very little prep. With more planning time, he could have easily bypassed all the safety mechanisms and taken over the manual arms, bay doors, and sensors. It’s pretty scary when you think about it.
STAYING SAFE
This hack was certainly exciting, and a bit more outside the box than what the Hackable? team has explored before. We’d like to be able to give our listeners a solid list of tips on how to keep this type of thing from happening to you, but as you’ll come to find out in this episode, there’s not much you can do to prevent it. However, we’d be remiss if we didn’t give our listeners some advice.
Bruce Snell feels that this kind of hack likely won’t be used for physical harm in the future, and that people are more likely to use it for a freebie car wash here and there. However, he does recommend sticking with car washes that are more manual and full-service. But if it is automatic, make sure there are personnel on site.
SOURCES
CYBER WASH
05.01.18
15
TRANSCRIPT
https://www.energy.gov/sites/prod/files/oeprod/DocumentsandMedia/21_Steps_-_SCADA.pdf
https://www.vice.com/en/article/bjxe33/car-wash-hack-can-smash-vehicle-trap-passengers-douse-them-with-water
THE HACK
For this hack, Geoff caught up once again with Dolev Farhi. Dolev is a white-hat hacker who uses his computer security skills for good to expose vulnerabilities in everyday technology. Geoff and Dolev, both pet owners, explore a clever smart device used in homes — a dog treat dispenser with a built-in camera that allows you to snap photos, stream videos, and toss your pet a treat. First impressions: it’s a well-built, quality device. Together, they demoed the product with Geoff’s dog. It takes pictures, videos, and tosses Geoff’s dog a few tasty treats. Basically, it does what it’s supposed to do. When Dolev first set up his pet treat dispenser at home he quickly discovered that it wasn’t just his pet that he could see. It didn’t take Dolev long, just about 20 minutes, to realize that he could access information that wasn’t his. By getting into the product's database, he was able to download the photos and videos of other device owners. Dolev realized the technology behind this dog treat dispenser had a serious flaw…
STAYING SAFE
Three tips before buying a dog treat dispenser or other smart device for your home:
Get Comprehensive Protection: Secure your home network and all your devices, including phones and tablets.
Be Smart About Wi-Fi: Only use your phone to run your smart devices in secure places that use a secure, password-protected Wi-Fi network. That means avoid checking in on Fido while on the subway, at the supermarket, and the coffee shop.
Do Your Research: Research the company and preview the online interface of any smart device you purchase. Be choosy and go for reputable brand names.
PET-NOLOGY
04.17.18
14
TRANSCRIPT
THE HACK
For this password hack, Geoff once again became the target of the attack to show listeners what a hacker can actually do. Our hacker for this episode is Rick Redman. Rick is a penetration tester at Kore Logic.
Rick directed Geoff to the website, HaveIBeenPwned.com. On this site, Geoff was able to see where and when his email address had been part of a data breach. From there, Rick was able to see that Geoff had been part of the 2016 LinkedIn security breach that led to 164 million email addresses and passwords being exposed. This is the exact reason why cybersecurity experts are constantly saying that you have to use a different password for everything. If a hacker got access to your Amazon account, you likely have credit card information stored there, if they got into your PayPal account they could steal your money, or if they got into your Facebook they could post on your behalf and access even more of your personal information.
STAYING SAFE
Now that we understand exactly what can happen if your password falls into the wrong hands, there are a few things you can do to help keep your accounts secure.
Use a Unique, Secure Password for Everything: This way, even if an account is compromised, the hacker can’t use that information.
Use a Password Manager: A password manager stores all of your passwords in an encrypted file and allows you to access them.
Make Sure Your Device is Protected: Make sure that you’re running some kind of antivirus or security software, and update your devices to avoid being vulnerable to an attack.
SOURCES
AND WE'RE IN
04.03.18
13
TRANSCRIPT
https://haveibeenpwned.com
THE HACK
For this hack, Geoff teamed up with hacker Tim Martin, who claimed he had been exploiting the RFID scanner at his condo building for quite some time. As Tim explains in the episode, an RFID chip is a little piece of copper, usually encased in plastic in the form of a key card. Or in Tim’s case, a key fob. And what it does is, when it comes in contact with a receiver, like those found on the outside of a door, the RFID tag transmits a small amount of data that the receiver processes and determines whether or not to grant access.
Outside of Tim’s condo he showed us his “Creepy hacker getup.” What this is, is an unassuming hoodie paired with a backpack. Inside of his sleeve Tim has a low frequency antenna. This antenna has a wire that runs up his sleeve and into his backpack where it’s connected to a computer. And with this device, he’s able to sniff the information right off an RFID chip without them even knowing. You see, Tim is what’s called a “Pen Tester.” Or Penetration Tester. His job is to simulate a cyberattack to test the security of a system…
STAYING SAFE
As Bruce Snell mentions, there are a couple things you can do personally to protect info from being swiped off your ID card. But in other instances, it’s up to the entities that distribute these cards, like companies and government, to take the necessary precautions.
Use an RFID Blocking Pouch or Wallet: These items work by using a wire mesh that blocks any signal from getting in, or out.
Don’t Print Anything on the Card Itself: The reason for this is that a hacker won’t be able to see who you work for. This means they can’t target you as a way in.
Use Multi-Factor Authentication: The keycard is fine, but by requiring a second piece of information to gain access, like a thumbprint or PIN number, you increase the security.
SOURCES
ACCESS GRANTED
03.20.18
12
TRANSCRIPT
THE HACK
With the help of white-hat hacker Tim Martin, as well as an unsuspecting rental car company that shall remain nameless, Geoff shows us just how easy it could be for someone to exploit your key fob to gain access to your car. This hack is known as a relay attack.
Let’s break down how a relay attack actually works. Using a pair of $11 radio devices, hackers are able to sniff out the signal from a wireless car key fob, then spoof it to open a vehicle's doors. “The first radio impersonates the car's key and pings the car's wireless entry system, triggering a signal from the vehicle that seeks a radio response from the key. Then that signal is relayed between the attackers' two radios as far as 300 feet, eliciting the correct response from the key, which is then transmitted back to the car to complete the ‘handshake.’” However, in response to the weakness afforded by a fixed code system, automakers began using a rolling code system. Essentially, the codes change every time the system is used to lock or unlock the car.
STAYING SAFE
Unfortunately for this one, there really isn’t much you can do to protect yourself, short of putting your keys in the freezer like this tech reporter. As Bruce Snell mentions, the onus for this one really falls on automakers to improve their security. But here are a few things you can do to help this along.
Make Your Voice Heard: Something like writing a letter, making a complaint, or just starting a conversation about the issue can help force the hand of automakers to improve the security of key fobs in order to protect against these well-documented attacks.
Keep Valuables Out of Sight: With a hack like this, it takes a little work before a hacker can break into your car. So by keeping your valuables out of sight, you’re not giving the hacker a reason to attack you.
SOURCES
KEYLESS ENTRY
03.05.18
11
TRANSCRIPT
https://twitter.com/brucesnell
THE HACK
In this episode, Geoff teams up with Dolev Farhi, the same hacker Geoff talked with in Episode 7, “Searching for Avril.” Dolev, armed with just a smartphone, was able to hack a My Friend Cayla doll as well as a Cloud Pet stuffed animal very easily. For Cayla, Dolev and Geoff first familiarized themselves with the doll’s intended use: telling stories and conversing with kids. From there, Dolev looked into the local files inside the Cayla app and found Cayla’s stories in text form. From there, he could edit the text so Cayla said whatever he wanted. Now when Cayla told a story, she talked about how she “Can’t wait to go home, have a beer, and listen to the episode of Hackable? with Geoff and Dolev.” But then, even without the app, Dolev could use another phone, pair it to Cayla over Bluetooth, and turn the toy into a listening device. Armed with this new information, Geoff felt he had an excellent opportunity to play a prank on his kids. Geoff asked the doll to tell a story. In the story, Cayla referred to Geoff’s kids as “stinkers who need a bath.”
STAYING SAFE
While the intended use of these toys is kind of cool, the security tradeoff just isn’t worth it. So as far as talking dolls are concerned, here are a few things to keep in mind to help keep you safe.
Do Your Research: Before buying any kind of connected children’s toy, do a little research to see if there are any reports of security flaws. If you find anything like you would if you searched for My Friend Cayla dolls or Cloud Pets...
Don't Bring Them Into Your Home: The security for these devices just isn’t there. And unlike something that might be around for a while, like your smart TV, the creators of these toys don’t have much of an incentive to provide ongoing security updates.
ALL DOLLED UP
12.05.17
10
TRANSCRIPT
THE HACK
As Geoff explains in this episode, most of the examples of smart speaker hacking require physical access to the device or an audio command that the owner of the device would likely notice. But what if there was a way to communicate with a smart speaker in a high enough pitch that the human ear couldn’t detect it? That’s exactly what Liwei Song, a PhD student at Princeton, did. Think of it like a dog whistle, but for hacking a smart speaker.
With this kind of hack, known as a dolphin hack¹, a hacker could take over any feature of the device that is accessible through voice commands. From there, “an attacker could embed hidden ultrasonic commands in online videos, or broadcast them in public while near a victim.” After talking with Liwei, Geoff felt that he could replicate this hack on his own. But not without renting some super high-end audio equipment and the assistance of his friend, Chris, who owns an Amazon Echo.
STAYING SAFE
While the conclusion from our smart speaker hack is that it’s possible but unlikely, there are certainly things to watch out for. A lot of times, a smart speaker pulls from, or controls, other devices in your home. So here are a few tips to help keep you secure:
Total Home Protection: Every connected device in your home, including your smart speaker, lives in the same ecosystem. It’s important to protect the central hub and each of the connected devices from attack with antivirus and security software.
Know Your Apps: By installing a malicious app from the App Store or Play Store, you could be giving a hacker a backdoor into your smart speaker. Make sure you only download official apps from trusted sources.
Update. Update. Update.: App and OS updates usually include important security patches. Be sure to download them as soon as they’re available.
HIGH FREQUENCY
11.21.17
09
TRANSCRIPT
THE HACK
Now, how would a hacker go about taking over your cell phone? For the experiment in this episode, Geoff teamed up with good-guy hacker and Assistant Professor at EURECOM, Yanick Fratantonio. Yanick, while working on his PhD at the University of California, Santa Barbara, contributed to a project known as Cloak and Dagger¹. This project showed how exploiting a bug in the Android operating system could allow a hacker to take complete control of a person’s device.
In our experiment, Yanick was able to show Geoff how this type of hack can happen, as well as what the cybercriminal could do once inside...and he did it all from another continent. Yanick used the email deployment method just for the purposes of this experiment, but the same type of malicious code could be hiding in a free app, a wallpaper download, or a mobile website. Even something as simple as just receiving a text message from a hacker could grant them direct access to your device.
STAYING SAFE
We all need to take mobile security more seriously. On mobile, people don’t take the same precautions, despite the fact that a lot of the time smartphones contain more personal information than a laptop. But there are certain things you can do to better protect your device from an attack:
Be Careful: Use the same level of scrutiny that you would on your computer. Don’t click on links or download attachments that you weren’t expecting or you received from people you don’t know.
Keep Your Device up to Date: OS and app updates usually contain upgraded security features. If you have an older Android, your device may not receive security patches. If that’s the case, browse the Internet for an open source patch from a reputable source.
Use Privacy Settings: Having a passcode on your phone is helpful, but also make sure you use other security features. For example, turn off access to your phone’s digital assistant when the phone is locked.
CLOAK AND DAGGER
11.07.17
08
TRANSCRIPT
THE HACK
In this episode, Geoff, being the incredible Black Star¹ that he is, went to an Avril fan site that appeared to be set up by the biggest fan of them all, Naomi. However, despite what the site says and the fact that it looks like it was created by a 12-year-old girl, the site was really made by our hacker Dolev Farhi. When Geoff arrived at the site, without clicking on a thing, his computer started to download a file. This action, known as a Drive-By Download², can execute in the background without you even knowing. Luckily for Geoff, he noticed right away and cancelled the download. Suddenly a pop-up appeared on Geoff’s computer, and to his unsettling surprise, it was a picture of him that Farhi had served up. But Farhi still wasn’t done. He directed Geoff to a section of the website that instructed Geoff to download the “2017 Avril Lavigne photos.” All Geoff had to do was enter his Gmail username and password to get the pictures. As he did, Farhi was immediately able to capture Geoff’s information.
STAYING SAFE
While getting early access to an unreleased track, or downloading a song for free is certainly appealing, it just isn’t worth the potential danger that comes along with it. In order to ensure your private information stays that way, there are a few tips you can follow:
Be Skeptical: Anything that seems too good to be true, usually is. If a site promises something that doesn’t seem right, like early access to a music video or a free mp3, don’t click it. Nearly 40% of websites when searching for “free mp3” were malicious.
Stick to the Established Media Providers: There are tons of reputable services out there for streaming or downloading music or video. Stick to them to ensure your computer doesn’t get infected with malicious code.
Run Security Software: One of the best ways to combat a cyberattack is to stop it before it happens. Security and antivirus software will help keep the unwanted software out of your computer, phone, and devices.
SEARCHING FOR AVRIL
10.24.17
07
TRANSCRIPT
1 Black Star: Fans of Avril Lavigne. Avril uses this term to refer to her fans and her perfume.
2 Drive-By-Download: The unintentional download of a virus or malicious software (malware) onto your computer or mobile device.
1 Cloak and Dagger: A type of attack that essentially hides activity behind various app-generated interface elements that let hackers grab screen interactions and hide their activity.
1 Dolphin Attack: A term that has been given to the method of accessing a smartphone or smart speaker without the user’s consent by executing ultrasonic commands.
THE HACK
In this episode, our host Geoff Siskind opened up his home to hacker Geoffrey Vaughan in order to install, and of course hack, Siskind’s new smart doorbell. The Geoffs attached the doorbell to the door and activated Siskind’s account. To ensure the device was installed correctly, Vaughan stood on the inside of the door while Siskind rang. Vaughan could then see a fish-eyed video of Siskind and communicate with him via the two-way intercom. Vaughan sent Siskind an official-looking email that told him to download an app. This app would scrape the phone’s data for information Vaughan could use, like account details (more on that later). Once the app was on Siskind’s device, Vaughan was essentially sharing the account with Siskind, allowing Vaughan to communicate directly with the doorbell’s server. From there, Vaughan could access sensitive information, such as call logs, number of devices, even video files from past calls. Essentially, anything Siskind could do with the mobile app, Vaughan could do from his laptop.
Welcome to Hackable, an original podcast from McAfee.
STAYING SAFE
Some simple steps to help protect your device from unwanted intrusion:
Change Default Passwords: Many of these devices come with a standard username and password. During setup and installation, choose a strong password that’s unique to that particular device.
Keep an Eye Out: Suspicious activity is, well, suspicious. If, for example, your smart doorbell is triggering multiple times with no one at your door, that could be a hacker testing their access. If this happens, change your password. And if it persists, contact the manufacturer.
Always Update: Updates for apps and devices usually contain necessary security upgrades. Even if the device is fresh off the assembly line, there could be an update waiting for you upon installation.
Be Wary: When you download a new app, look at the permissions it’s requesting; don’t just hit “Allow.” If you’re unsure of why an app might need access to a particular component, do a little research to make sure you keep your data secure.
COWBELLS & DOORBELLS
10.10.17
06
TRANSCRIPT
THE HACK
Geoff Siskind opened up his home to give us an inside look at just how easy it is for hackers to invade our lives. Teaming up with Nick Aleks, CEO of Aleks Security Cyber Intelligence Inc. and founder of Defcon416, Geoff invites him to demonstrate a webcam hack right from his kitchen table. And the result was eerie.
Nick’s way in? He added a line of malicious code to the image of a cute puppy and loaded that onto a USB stick. Then, by simply clicking on the image, Nick automatically gained access to the laptop without any warning. This access allowed him to see everything from the screen, hear everything from the microphone, and watch everything from the webcam. Most hackers rely on these RATs1, which are inexpensive to buy and easy to program.
The laptop facing Geoff began taking photos of him and recording their conversation without his knowledge.
STAYING SAFE
How can you be sure you’re not giving someone a direct look at your personal life? Follow these tips to make sure you remain “unhackable” in the world of webcams:
Stay Unseen: Cover your webcam with a sticker or piece of tape.
Be Cautious: Don’t click links or open emails that seem suspicious.
Keep Your System Current: Update when new versions of the operating system or new versions of an application become available. Updates often include critical security fixes designed to patch and protect from attacks.
SOURCES
McAfee does not control or audit third-party benchmark data or the websites referenced in this document. You should visit the referenced website and confirm whether the referenced data is accurate.
CAMERA CREEPERS
09.26.17
05
TRANSCRIPT
1 RAT (Remote Access Tool or Trojan): Malware program that includes a back door for administrative control over the target computer. Usually downloaded invisibly with a user-requested program (such as a game) or sent as an email attachment.
https://www.youtube.com/watch?v=0Ihin_9wVuA
THE HACK
Geoff Siskind paired up with Craig Smith, author of The Car Hacker’s Handbook, to show us just how easy – or not – it is to hack a car. Using a black box tool, Craig was able to control features in Geoff’s car through its diagnostic port. Craig made the dashboard lights blink, dropped the gas gauge to empty, set the speedometer to 0, and even shut down the engine. Craig’s test proves that even though your passenger seat is empty, you’re not necessarily alone. Attackers can hide tiny devices that grant access to your car from anywhere in the world via cellular capabilities. Carjackers don’t need the keys to kidnap your car. WIRED journalist Andy Greenberg let two hackers take over the controls of his Jeep to prove the reality of vehicular cyber sabotage. Within minutes, the hackers were able to turn on the Jeep’s air conditioning, crank the radio, and kill the transmission – all from their living room. But it’s when disabled brakes left Andy in a ditch that he realized the severity of what car hackers are capable of.
STAYING SAFE
Following these tips will help ensure your car stays unhackable:
Limit Connectivity: Other than GPS and Radio, there should be a limit to how much your car connects to the Internet.
Play it Safe: The overall likelihood of someone infiltrating your car through these devices is low. However, to be on the safe side, if you or someone else must plug something into your car, remove it as soon as you’re done using it…
Do Your Research: Newer cars are coming out with a variety of connected technologies, and plenty of features to keep you safe. For example, in cars that have the “lane assist” feature, the computer of the car has access to the steering wheel. It’s important to do research to make sure the manufacturer is using secure programming methods.
SOURCES
CARS ARE COMPUTERS
09.12.17
04
TRANSCRIPT
https://nostarch.com/carhacking
https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
https://dc416.com/speakers/speaker-profile/
https://dc416.com
THE HACK
All your icons are missing. Years of photos, gone. Your computer is like a digital wasteland with nothing on it. Well, nothing but a digital ransom note saying that if you want your data back, you’re gonna have to pay. If this happens, you’ve been infected with Ransomware and you have two choices – chalk it up as a loss or grant the hackers’ demands. That’s the focus for Episode 3 of “Hackable?”
No one wants to have their computer locked down by Ransomware1. No normal person at least. Lucky for “Hackable?” listeners, our loveable host Geoff Siskind is totally abnormal. He volunteered to lend his personal laptop, containing his entire digital life, for our little Ransomware experiment. With the help of (I guess we can call it help) Michael Gillespie, software analyst and good-guy hacker, we were able to get a first-hand look at the effects of Ransomware.
STAYING SAFE
The war against ransomware is all about protecting your devices from being infected in the first place. Bruce Snell, Cybersecurity expert, recommends a few tips to help prevent Ransomware attacks.
Regular Backups: Using a cloud-based service or an external device, back up all of your important data at regular intervals. It’s important that this device is not plugged into your machine at all times, as anything connected to a device is also vulnerable in the event of an attack.
Update Software: Many times software updates include security improvements. When you run outdated software you could be giving a hacker a way into your machine.
Run Security and Antivirus Software: The best way to combat Ransomware is to block it before it happens. Security and antivirus software will help keep the unwanted software out of your devices.
LOCKED OUT
08.29.17
03
TRANSCRIPT
1 Ransomware: A type of malicious software designed to block access to a computer system until a sum of money is paid.
THE HACK
The setup for the hack performed in this episode started with finding two whitehat hackers willing to work with us. Both Nick Aleks, a penetration tester, and Judy Novak, a security consultant, were happy to lend us their expertise.
Our host, Geoff Siskind, allowed these hackers to use their magic in an attempt to access as much personal information about him as they could. The catch? They only had 5 days. If you’re thinking Geoff’s crazy, you’re not wrong. Bruce Snell, Cyber Security and Privacy Director at McAfee, thought so too. Fortunately, we’re working with the good guys...the hackers who won’t actually do anything dangerous with the data they find. However, Geoff did have the lingering feeling that he was being “watched” all week. But who doesn’t?
So, what did they do and how?
STAYING SAFE
Identity theft is something that everyone should be on the lookout for. When people get their identity stolen, it’s more likely that it’s part of a larger hack, like when a bank or large retailer’s systems are compromised. However, it can also be as simple as someone peering over your shoulder at the ATM. Here are some tips to help you stay safe:
Don’t Click Suspicious Links: That link of a “funny cat video” your friend sent may seem intriguing, but don’t be too fast to click. If you’re feeling suspicious, consider the sender. Confirm with the person and ensure it didn’t come from an unknown source.
Double Check Links: If you are clicking a link, check the web address to make sure you’re going to the website you intended.
Change Your Password Directly: If you get an email from a large organization (e.g. your bank) saying you need to change your password due to a recent security breach, don’t click the link in the email. Instead, go to your bank’s site directly and change your password from there.
PWNED
08.15.17
02
TRANSCRIPT
THE HACK
The search history on our Internet browser can be a pretty scary thing to share. But what’s even scarier is that so many people are doing it without even knowing. Think you’re the only one looking at your screen? You might be wrong. In a recent study, it is estimated that 4,000 cyber attacks occur every day. So, what can you do to prevent this from happening? Get inside the mind of a hacker.
Meet the McAfee Cybersecurity & Privacy Director, Bruce Snell. In his last 15 years with the company, Bruce has worked with many organizations from national governments to everyday consumers, helping them understand the nature of cybersecurity threats and how they can prepare for future attacks. Recreating a hack made in the high-profile TV show, Mr. Robot, Bruce Snell takes over the Wi-Fi network at the Coffee House Café in Texas. This hacking (with permission from the proprietor) took just minutes, proving how easy it is, and how vulnerable we are.
STAYING SAFE
Follow these tips to stay online and out of the hacker’s path:
Keep Others Out: Turn off the sharing feature in your computer’s control panel (Windows), or System Preferences (Mac).
Avoid Sensitive Sites: When on public Wi-Fi, don’t log in to banking or shopping sites where you share personal and financial information.
Use Secure Links: Look for sites that begin with “https” which use encryption to protect the information you send.
Always Log Out: Don’t just click or close out tabs. When you’re done, log off first, then close the tab.
SOURCES
THE EVIL TWIN
07.18.17
01
TRANSCRIPT
https://www.coffeehousecafe.com
https://www.mcafee.com/blogs/author/steve-povolny/
https://www.mcafee.com/blogs/author/sam-quinn/
https://www.prnewswire.com/news-releases/top-cyber-security-experts-report-4-000-cyber-attacks-a-day-since-covid-19-pandemic-301110157.html
https://twitter.com/brucesnell
GEOFF SISKIND
Cybersecurity Expert
BRUCE SNELL
Cybersecurity Expert
Our host, Geoff Siskind, digs into the minds of cyber criminals with cybersecurity expert, Bruce Snell, giving us an in-depth view of the vulnerabilities we face so we can stay observant, and out of the hacker’s path.
*McAfee Labs 2017 Threats Predictions, November 2016.
Santa Clara, CA.
Wireless mice have become the preferred peripheral to scroll and click, but can cutting the cord allow a hacker to hijack your computer?
MOUSEJACKED
09.24.19
31
Cars are more computerized than ever. But, does this make them easier to steal? Can smart key fobs help hackers drive away with your ride?
KEYLESS IGNITION
10.08.19
32
Streaming devices make dumb TVs smart and smart TVs, well, smarter. But does that mean that a hacker can hijack your binge-watching?
WHO'S WATCHING
10.22.19
33
EPISODES 33 to 31
Skins and other downloadable modifications are a popular way to level up video games. Can these “mods” expose players to hidden malware?
UP YOUR GAME
07.02.19
28
You spot a dropped USB drive lying on the ground or in your office. Did someone lose their files or is it a trap set by a hacker?
DEAD DROPS
07.16.19
29
Skins and other downloadable modifications are a popular way to level up video games. Can these “mods” expose players to hidden malware?
THE MR. ROBOT SPECTACULAR
07.30.19
30
EPISODES 30 to 28
From photos and messages to emails and credit cards, smartphones are filled with sensitive personal information. Just how secure are they?
PHREAKS AND GEEKS
05.21.19
25
We settle the age-old coffee vs. tea debate by finding out whether a smart coffee maker or kettle leaves Geoff more vulnerable.
MALICIOUS BREWS
06.04.19
26
All-in-one printers with fax machines may seem like relics, but could this seldom-used technology put your network at risk?
FACE THE FAX
06.18.19
27
EPISODES 27 to 25
THE HACK
To learn whether smart padlocks can secure his packages, Geoff gets on an airplane to Hillsboro, Oregon to join Sam Quinn for this episode's hack.
Sam Quinn is a researcher on the McAfee Advanced Threat Research Team and he promises Geoff that he's found a way to hack smart locks.
Listen to hear Geoff put Sam to the test. Is a smart padlock enough to deter digital porch piracy? Or is Sam able to pick the lock without breaking a sweat?
For all the technical details on this week's hack, check out Sam's article, "What's in the Box?"
STAYING SAFE
To keep porch pirates from snagging your smart-padlock-protected packages, here are some tips from our cybersecurity expert Bruce Snell.
Do Your Research: Before you buy a smart padlock, check online to see if there are any known vulnerabilities and if they've been patched by the manufacturer.
Add Depth to Your Defense: Pair your smart padlock with a doorbell camera for an extra layer of package protection.
SOURCES
https://www.mcafee.com/blogs/author/sam-quinn/
https://www.mcafee.com/enterprise/en-us/threat-center/advanced-threat-research.html
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/whats-in-the-box-part-ii-hacking-the-iparcelbox/
https://twitter.com/brucesnell
PORCH PIRACY
11.19.19
35
TRANSCRIPT
If your laptop is lost or stolen, will a strong password protect your personal data? Or is your intimate information up for grabs?
PRYING EYES
11.20.18
19
Social media has made sharing photos online universal, but do sharers risk revealing more than they intended?
DIGITAL BREADCRUMBS
12.04.18
20
Drones are fun to fly and poised to take on important public functions. But are they secure? Do pilots risk losing all control?
FLYING BLIND
12.17.18
21
Passwords protect all of our sensitive information. But how easy would it be for a hacker to gain access? Listen in as Geoff puts his own passwords to the test.
AND WE'RE IN
04.03.18
13
A smart camera allows you to video chat with your dog and toss them a treat. But what if you’re not the only one watching?
PET-NOLOGY
04.17.18
14
Drive-thru car washes save time and water. But can these internet-enabled devices be easily hacked and potentially dangerous?
CYBER WASH
05.01.18
15
Could looking for celebrities online put your data at risk? We’re uncovering what you might find while searching for a sneak peek.
SEARCHING FOR AVRIL
10.24.17
07
Cell phones are powerful computers that we carry in our pockets. But are these devices leaving us vulnerable to an attack?
CLOAK AND DAGGER
11.07.17
08
Smart speakers make it easy to carry out tasks with voice commands. But could a hacker somehow control it without you knowing?
HIGH FREQUENCY
11.21.17
09
We hacked the Wi-Fi at a local café to prove just how easy it is to give away all of your information without ever knowing it.
THE EVIL TWIN
07.18.17
01
Ready. Set. Hack. See how much data our hackers were able to get from our host, Geoff, in just 5 days.
PWNED
08.15.17
02
A ransom note on your computer? Your data held hostage? Listen as Geoff uncovers the truth about Ransomware when he's Locked Out.
LOCKED OUT
08.29.17
03