Tech Secrets: 21 Things 'They' Don’t Want You to Know

Eavesdropping Webcams, spying ISPs, toxic PCs, and more: dangers the industry is hiding, and what you can do about them

1 2 3 Page 2
Page 2 of 3

In lab tests, scientists from UW, the University of Massachusetts Amherst, and Harvard Medical School were able to take control of a cardiac defibrillator and use it to induce ventricular fibrillation, a potentially lethal condition. They could also read sensitive medical information stored on the device and change it at will.

Study coauthor Tadayoshi Kohno, assistant professor at the University of Washington, says that similar techniques theoretically could be applied to other wireless medical devices, such as drug dispensers and neuro-stimulators.

"Medical devices are innovating at an extremely rapid pace," says Kohno. "In the future they'll be much more like full-grown computers. We did this study to raise awareness and increase our understanding of the security risks these devices could pose."

The Fix: At present no fix exists, though the Food and Drug Administration and medical-device manufacturers are aware of the problem. There are no known cases of medical devices being hacked in the wild.

Even the study's coauthor downplays the actual danger. "The risk to patients today is low," adds Kohno. "These are amazing life-saving devices, and I would have no qualms about using one."

Your PC May Be Killing You

Though electronics manufacturers have made great strides in reducing their use of harmful chemicals in recent years, tech gear still may contain brominated flame retardants--chemicals used to reduce the risk of fire that studies have linked to lower IQs in children and reduced fertility rates.

"BFRs used in the manufacture of circuit boards can be converted to highly toxic brominated dioxins and furans if the products are burned at the end of their life," says Arlene Blum, executive director of the Green Science Policy Institute and a visiting professor of chemistry at UC Berkeley.

But even daily use can be dangerous, says Blum. "When used in plastic casings, BFRs can also migrate out of the plastic into the dust in the room and then enter the body via the hand-to-mouth contact."

The Fix: While major manufacturers such as Apple, Dell, and HP have moved away from BFRs in recent years, certain products built before 2009--especially devices that generate a lot of heat, like laptops and laser printers--may still contain BFRs, says Michael Kirschner, associate director of the Green Science Policy Institute. "Do some research," says Kirschner. "Almost all vendors now have an environmental section on their Websites that tells you about the materials they use."

The news isn't all bad, he adds. "Most manufacturers in the consumer arena have gotten the message to get additive BFRs out of their products."

As for older products still in people's homes? "They probably need to be replaced anyway, right?" Kirschner jokes.

Antivirus Software Won't Protect You

Security programs won't really protect you from the Internet's worst nasties. "Antivirus software only catches the low-hanging fruit," says Mark Kadritch, CEO of The Security Consortium and author of Endpoint Security. The increasing number of zero-day vulnerabilities--coupled with some vendors' failure to fix security holes in their products for months or even years--means that even the most up-to-date antimalware products may still be behind the curve when it counts, he says.

The Fix: You can't do without security software (see our Security Info Center for reviews of the latest security packages, plus how-tos and news), but to protect yourself more effectively you need to take extra steps such as saving your data to encrypted drives and installing VMware or other software that lets you create virtual machines and discard them as they become infected.

"At the end of the day, if you suspect your system has been compromised, blow it away and click 'restore' in VMware," Kadritch says. "You may lose some e-mail, but you'll get a brand-new system with the latest, greatest updates."

Your Cell Phone Is a Homing Beacon

We'll bet that you never leave home without your handset. Well, guess what: Wherever you roam, you can be found. You don't even need a GPS chip in your phone--your using cell towers allows your provider to triangulate your position within a few hundred yards.

"Wherever you carry your phone, the government can go to your wireless provider and use those records to figure out where you are," says the Electronic Frontier Foundation's Jennifer Granick.

Of course, this information could save your life; cell phone tracking has assisted in locating kidnap victims and people stranded in the wilderness. But law enforcement has also used the technology to track people without probable cause. Documents obtained via a Freedom of Information Act lawsuit by the ACLU, the EFF, and the Center for Democracy and Technology reveal that the state of New Jersey obtained cell phone subscriber information 79 times between 2002 and 2008 without seeking a warrant.

Giving law enforcement free rein opens up broad opportunities for information gathering on people who aren't even necessarily persons of interest in an investigation, says Granick.

"One example would be that police could find out the names of everyone who was near a political protest site just because they were investigating someone or something that happened there," she says.

At press time, a federal appeals court was set to hear arguments in the New Jersey case. How the court rules may determine how much of a snoop your phone continues to be.

The Fix: If your handset has a GPS chip and you don't want to be tracked, turn it off. Even then, the carrier may be able to ping your phone to determine the cell towers nearest you. Turning off your phone entirely is your best bet for dropping off the grid, if only temporarily. The next time you use your handset, though, you'll be back on your carrier's grid.

A 'Cheap' Smartphone Is a Rip-Off

Your wireless company might like you to think that your handset is locked to one carrier for myriad technical reasons, but there's really only one reason: profits. The carrier wants to lock you into paying hundreds of dollars a month for mobile voice and data service, and to accomplish that it will sell you a subsidized smartphone for much less than the company paid for it.

Spending more up front for an unsubsidized phone, however, might save you money in the long run. PCWorld contributing editor JR Raphael compared the fees for an unsubsidized $529 Nexus One phone (and an à la carte contract with T-Mobile) with those for the iPhone 3GS and the Motorola Droid, which are available only with a two-year contract (from AT&T and Verizon, respectively). The cost savings over two years: $1350, thanks largely to T-Mobile's $80-per-month unlimited voice, text, and data plan (no contract required).

It gets better. Ben Ferguson, on his Nosugrefneb blog, compared a subsidized $295 Nexus One plus a two-year T-Mobile plan with an unsubsidized model using a $40 T-Mobile data plan and a $3-per-month VoIP account on Skype. Using the data plan and VoIP lopped an additional $482 off the cost--making that option $1800 cheaper than a subsidized iPhone.

The Fix: Do the math. As more vendors move toward an "open" handset model, paying more up front can save you a bundle in the long run.

Your Webcam May Be Watching You

Two-way video chat is fun. One-way chat--where you're the one being watched--is not so much fun. But it's more common than you might think.

In February, school officials in southeastern Pennsylvania found themselves in hot water after they installed software on school laptops that allowed them to activate students' Webcams remotely. The school claimed that the software--which could snap a picture of whoever was using the MacBook at any time--was only for locating lost or stolen laptops. Outraged parents sued the district, and the story made international headlines.

Two weeks earlier, a woman reported being spied on via her Webcam by a Dell support technician, which she discovered when she realized the tech had turned on her Webcam without asking permission. Chinese cyberspy network GhostNet has reportedly taken over at least 1300 PCs worldwide, including the ability to operate their Webcams. In 2006, Spanish authorities arrested two teens after they hacked Webcams at a local college and tried to blackmail students caught in compromising situations. In 2004, an online intruder commandeered the computer of a 15-year-old girl in Houston, operating her Webcam remotely and typing messages on her screen about the clothes she was wearing.

The Fix: If you have an external Webcam, unplug it when you're not using it. If your camera is built in, covering the lens with a sticky note should do the trick.

Your Boss Can (and Probably Does) Monitor Your Computer

Paranoia, schmaranoia. If you work in a medium-size or large organization, the folks in your IT department are keeping tabs on you.

Using software like Websense Triton or Barracuda Purewire, they can monitor the sites you visit, and scan the e-mail you send or receive. They can also check network-activity logs, or use software that captures your keystrokes or periodically grabs images off your screen.

According to the most recent surveys conducted by the American Management Association, two-thirds of all employers monitor employee Web and e-mail activity. About four out of ten use keyloggers or snoop around employees' computer files. And one out of four firms has fired employees for Internet-related misdeeds.

Besides boosting productivity, companies are trying to avoid malware infestations, accidental leaks of confidential data, and liability for sexual-harassment suits if employees are exposed to Internet porn.

The problem? Selective enforcement, says Joe Rose, a labor-rights attorney based in Sacramento, California. Companies just collect the information and use it when needed to weed out troublemakers, complainers, or people who rub them the wrong way. "In my experience," Rose says, "companies use this information selectively, either to pile on evidence in case of employee misconduct or if the employee engages in activity the company doesn't like, such as labor organizing."

The Fix: Don't use company gear or networks to conduct personal business. If your employer gave you a BlackBerry, get your own cell phone, says Rose. Want to check your private Webmail account? Do it from your own computer and on your own network. In nearly all cases, your privacy rights at work are minimal at best.

You Can Fight the RIAA and Win

Organizations such as the Recording Industry Association of America and the Motion Picture Association of America can have your Website taken down simply by sending an e-mail to your host or Internet service provider--even if you've done nothing wrong. Under the endless gift to copyright holders known as the Digital Millennium Copyright Act, service providers may avoid liability by immediately removing material alleged to violate copyrights. They don't require proof, and they don't have to notify you in advance.

If your materials don't infringe copyrights, however, you can file a DMCA counter-notification with your service provider. If the copyright holder doesn't file suit against you within 14 days, your provider must restore what it deleted. (Of course, if the copyright holder calls your bet and files suit, you can withdraw your claim. Otherwise you'll need to lawyer up, so pick your battles carefully.)

Unfortunately, service providers don't always provide sufficient notice for site owners after the takedown; in some cases bloggers don't even know which files to remove. Recently, six music bloggers had years' worth of MP3 archives wiped from Blogger.com after Google received DMCA takedown notices from the International Federation of the Phonographic Industry. One site was reinstated, while a few others changed Web hosts; the rest were still dark as of this writing.

The Fix: Mail or fax your provider a counter-notification ASAP (e-mail isn't an option). You'll find a fill-in-the-blanks form at the Chilling Effects Clearinghouse site.

Your Passport Could Make You a Target for Crime--Wirelessly

Most American travelers are only dimly aware of a radio frequency ID chip embedded in the last page of their U.S. passport. The only indication as to the RFID chip's presence is a small icon on the cover. The RFID chip permits a passport control officer to transfer the information on the passport's "data page" wirelessly to a terminal, but security researchers have expressed concern that the range from which any RFID reader can pull data from a passport is far greater.

In 2006, security firm Flexilis demonstrated the ability to read RFID data at a range of several hundred feet, using a special antenna mounted to the stock of a sniper rifle (which the researchers used for both dramatic effect and ease of aiming). Last year, Chris Paget of the security firm IOActive drove around San Francisco and, within 20 minutes, copied all of the stored data right out of two unsuspecting U.S. passport holders' pockets, using just a laptop plus off-the-shelf hardware and software costing a total of $250.

The Fix: "The privacy risks posed by RFID-enabled passports make dumpster diving for credit card slips look like child's play," says Andrew Brandt, lead threat research analyst for Webroot. "If a few hundred bucks' worth of gear is all it takes to engage in mass identity theft, or to target citizens of a specific country for crime, it doesn't seem too unreasonable to carry your travel documents wrapped up in aluminum foil."

The Social Web Never Forgets

1 2 3 Page 2
Page 2 of 3
ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon