News

Actions

There is a setting on your phone that makes it easier for hackers to get inside

Posted

NEW YORK — It’s easy to get hacked. And yes, it can happen to you.

Follow this advice from actual hackers, and you’ll be a lot safer online.

Turn off your phone’s Wi-Fi and Bluetooth.

Hackers are religious about this. Keeping these features “on” all the time makes it easy for strangers to slip into your phone.

The problem? If you keep Wi-Fi and Bluetooth active, hackers can see what networks you’ve connected to before, spoof them and trick your phone into connecting to Wi-Fi and Bluetooth devices that hackers carry around.

Once connected to your phone, hackers can bombard your device with malware, steal data or spy on you. And you won’t even notice.

So, turn on Wi-Fi and Bluetooth when you need them. Turn them off when you don’t.

Use two-step authentication.

Nowadays, a single password isn’t enough. They get exposed all the time.

Lots of email and social media services offer an extra later of protection: two-step authentication — essentially a second, temporary password.

For example, when you set this up with Google, Twitter and LinkedIn, they ask you for a secret code every time you log in from a new device. You immediately get a text message with a six-digit number.

It’s an effective way to keep out hackers. Even if someone gets your password, they’d still need your phone too — an unlikely scenario.

Create a smart password strategy.

For the select few websites with your most sensitive information (email, bank), create some long and unique passphrases, like +hisPl@tinumDr@gonBreathesF1re.

For everything else? Use a password manager. This type of program stores all your passwords online, so you can make each one different, and you won’t have to remember them all.

But only use a password manager that encrypts them on your device. LastPass and Password Safe do this.

(Why not use a password manager for everything? One master password unlocks them all. You create a single point of failure.)

Change all of your passwords more than once a year.

Use HTTPS on every website. Install the HTTPS Everywhere tool developed by the pro-privacy Electronic Frontier Foundation. It encrypts all the information your browser is sending between your computer and websites.

If you only see HTTP in the address bar, anyone can spy on your Internet session.

Bulk up your home Wi-Fi.

Setting up Wi-Fi at home is a tour through the circles of hell. But these two steps are important.

First, set up a password. Don’t keep the default password on the sticker.

Next, the machine will ask what type of security encryption standard you’d like. Choose WPA-2.

Lots of machines default to WEP (Wired Equivalent Privacy) or WPA (Wireless Protected Access). Avoid them at all costs. A known Wi-Fi flaw can give up your password in seconds.

Don’t hide your home Wi-Fi. Your home router asks: “Hide the SSID?” If you say yes, then your devices are forced to “actively scan” for the home network you’re trying to hide. Sure, they’ll connect. But as a result, your device “actively scans” for networks all the time.

Your laptop and phone are more susceptible to connecting to strangers’ unsafe Wi-Fi networks.

“You’re actually setting yourself back five years in terms of security,” said Ben Smith, an experienced Wi-Fi hacker who’s worked on secretive government projects.

Think twice before buying an Internet-connected device. Do you really need a “smart” fridge or oven?

Companies are still figuring out the kinks — especially the tiny ones raising money on crowdfunding websites like Kickstarter and Indiegogo, according to Duo Security researcher Mark Stanislav.

Tech companies are in a rush to slap the Internet on everything. Cool features get all the attention. Privacy and safety don’t.

As a case in point, a foul-mouthed hacker hijacked a baby’s monitor last year.

“You might be getting told things are secure, when they’re not,” said Stanislav, who hacks devices for research.